From bdf46afb78b3180fb63f79368e436ebb30b68997 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 14:55:08 -0400 Subject: [PATCH] feat: Add client for IAM Deny v2 API (#230) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: Create the public IAM Deny v2 API PiperOrigin-RevId: 470600752 Source-Link: https://github.com/googleapis/googleapis/commit/dac66f65613ec8ce243622f18725d160aebd9ced Source-Link: https://github.com/googleapis/googleapis-gen/commit/729529edc103e45087ffae8353eaf009ad7fe8c2 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiNzI5NTI5ZWRjMTAzZTQ1MDg3ZmZhZTgzNTNlYWYwMDlhZDdmZThjMiJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * regenerate files using cl/470713093 * workaround docstring formatting issue * add pytest to samples CI * lint * fix import statement in samples/snippets * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * docs(samples): migrate samples from iam_v2beta to iam_v2 * update required checks to include samples * use GOOGLE_CLOUD_PROJECT * fix imports in samples/snippets * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * add pytest * chore(python): prepare for release of the iam/v2 python client PiperOrigin-RevId: 471240188 Source-Link: https://github.com/googleapis/googleapis/commit/ea847a1bdd969fced5b13cfa70a0119cd1652cd1 Source-Link: https://github.com/googleapis/googleapis-gen/commit/6f1e4cd013ab2914773826e68b2a2d0763030a39 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiNmYxZTRjZDAxM2FiMjkxNDc3MzgyNmU2OGIyYTJkMDc2MzAzMGEzOSJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * feat: Bump gapic-generator-python version to 1.3.0 PiperOrigin-RevId: 472561635 Source-Link: https://github.com/googleapis/googleapis/commit/332ecf599f8e747d8d1213b77ae7db26eff12814 Source-Link: https://github.com/googleapis/googleapis-gen/commit/4313d682880fd9d7247291164d4e9d3d5bd9f177 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiNDMxM2Q2ODI4ODBmZDlkNzI0NzI5MTE2NGQ0ZTlkM2Q1YmQ5ZjE3NyJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * chore: use gapic-generator-python 1.3.1 PiperOrigin-RevId: 472772457 Source-Link: https://github.com/googleapis/googleapis/commit/855b74d203deeb0f7a0215f9454cdde62a1f9b86 Source-Link: https://github.com/googleapis/googleapis-gen/commit/b64b1e7da3e138f15ca361552ef0545e54891b4f Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiYjY0YjFlN2RhM2UxMzhmMTVjYTM2MTU1MmVmMDU0NWU1NDg5MWI0ZiJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * fix: integrate gapic-generator-python-1.4.1 and enable more py_test targets PiperOrigin-RevId: 473833416 Source-Link: https://github.com/googleapis/googleapis/commit/565a5508869557a3228b871101e4e4ebd8f93d11 Source-Link: https://github.com/googleapis/googleapis-gen/commit/1ee1a06c6de3ca8b843572c1fde0548f84236989 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiMWVlMWEwNmM2ZGUzY2E4Yjg0MzU3MmMxZmRlMDU0OGY4NDIzNjk4OSJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * updated test to delete stale policies and avoid quota error * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * feat!: remove ListApplicablePolicies PiperOrigin-RevId: 475955031 Source-Link: https://github.com/googleapis/googleapis/commit/65376f43de1a43dcd40b21a5c2f844bde0049604 Source-Link: https://github.com/googleapis/googleapis-gen/commit/c8504e97891ed9e664cf68270d7e61bec160fe57 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiYzg1MDRlOTc4OTFlZDllNjY0Y2Y2ODI3MGQ3ZTYxYmVjMTYwZmU1NyJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * samples: wait for the operation to complete * samples: minor refactoring * use project `python-docs-samples-tests` Co-authored-by: Owl Bot Co-authored-by: Anthonios Partheniou Co-authored-by: Sita Lakshmi Sangameswaran Co-authored-by: SitaLakshmi --- .../.github/sync-repo-settings.yaml | 36 + .../google-cloud-iam/docs/iam_v2/policies.rst | 10 + .../google-cloud-iam/docs/iam_v2/services.rst | 6 + .../google-cloud-iam/docs/iam_v2/types.rst | 7 + packages/google-cloud-iam/docs/index.rst | 10 +- .../services/iam_credentials/async_client.py | 30 +- .../services/iam_credentials/client.py | 30 +- .../google/cloud/iam_v2/__init__.py | 44 + .../google/cloud/iam_v2/gapic_metadata.json | 73 + .../google/cloud/iam_v2/py.typed | 2 + .../google/cloud/iam_v2/services/__init__.py | 15 + .../iam_v2/services/policies/__init__.py | 22 + .../iam_v2/services/policies/async_client.py | 939 ++++++ .../cloud/iam_v2/services/policies/client.py | 1113 +++++++ .../cloud/iam_v2/services/policies/pagers.py | 155 + .../services/policies/transports/__init__.py | 32 + .../services/policies/transports/base.py | 276 ++ .../services/policies/transports/grpc.py | 418 +++ .../policies/transports/grpc_asyncio.py | 421 +++ .../google/cloud/iam_v2/types/__init__.py | 40 + .../google/cloud/iam_v2/types/deny.py | 141 + .../google/cloud/iam_v2/types/policy.py | 379 +++ .../services/policies/async_client.py | 35 + .../iam_v2beta/services/policies/client.py | 35 + packages/google-cloud-iam/mypy.ini | 2 +- packages/google-cloud-iam/owlbot.py | 23 +- packages/google-cloud-iam/samples/__init__.py | 0 ..._generated_policies_create_policy_async.py | 56 + ...2_generated_policies_create_policy_sync.py | 56 + ..._generated_policies_delete_policy_async.py | 56 + ...2_generated_policies_delete_policy_sync.py | 56 + ..._v2_generated_policies_get_policy_async.py | 52 + ...m_v2_generated_policies_get_policy_sync.py | 52 + ...policies_list_applicable_policies_async.py | 53 + ..._policies_list_applicable_policies_sync.py | 53 + ..._generated_policies_list_policies_async.py | 53 + ...2_generated_policies_list_policies_sync.py | 53 + ..._generated_policies_update_policy_async.py | 55 + ...2_generated_policies_update_policy_sync.py | 55 + ..._generated_policies_create_policy_async.py | 7 + ...a_generated_policies_create_policy_sync.py | 7 + ..._generated_policies_delete_policy_async.py | 7 + ...a_generated_policies_delete_policy_sync.py | 7 + ...eta_generated_policies_get_policy_async.py | 7 + ...beta_generated_policies_get_policy_sync.py | 7 + ..._generated_policies_list_policies_async.py | 7 + ...a_generated_policies_list_policies_sync.py | 7 + ..._generated_policies_update_policy_async.py | 7 + ...a_generated_policies_update_policy_sync.py | 7 + ...credentials_generate_access_token_async.py | 9 +- ..._credentials_generate_access_token_sync.py | 9 +- ...iam_credentials_generate_id_token_async.py | 7 + ..._iam_credentials_generate_id_token_sync.py | 7 + ...nerated_iam_credentials_sign_blob_async.py | 7 + ...enerated_iam_credentials_sign_blob_sync.py | 7 + ...enerated_iam_credentials_sign_jwt_async.py | 7 + ...generated_iam_credentials_sign_jwt_sync.py | 7 + .../snippet_metadata_iam credentials_v1.json | 160 +- .../snippet_metadata_iam_v2.json | 827 +++++ .../snippet_metadata_iam_v2beta.json | 200 +- .../samples/snippets/conftest.py | 27 +- .../samples/snippets/create_deny_policy.py | 13 +- .../samples/snippets/delete_deny_policy.py | 10 +- .../samples/snippets/get_deny_policy.py | 9 +- .../samples/snippets/list_deny_policies.py | 6 +- .../samples/snippets/noxfile_config.py | 2 +- .../samples/snippets/requirements-test.txt | 1 + .../samples/snippets/test_deny_policies.py | 14 +- .../samples/snippets/update_deny_policy.py | 11 +- .../scripts/fixup_iam_v2_keywords.py | 180 ++ .../test_iam_credentials.py | 5 +- .../tests/unit/gapic/iam_v2/__init__.py | 15 + .../tests/unit/gapic/iam_v2/test_policies.py | 2806 +++++++++++++++++ .../unit/gapic/iam_v2beta/test_policies.py | 5 +- 74 files changed, 9134 insertions(+), 231 deletions(-) create mode 100644 packages/google-cloud-iam/.github/sync-repo-settings.yaml create mode 100644 packages/google-cloud-iam/docs/iam_v2/policies.rst create mode 100644 packages/google-cloud-iam/docs/iam_v2/services.rst create mode 100644 packages/google-cloud-iam/docs/iam_v2/types.rst create mode 100644 packages/google-cloud-iam/google/cloud/iam_v2/__init__.py create mode 100644 packages/google-cloud-iam/google/cloud/iam_v2/gapic_metadata.json create mode 100644 packages/google-cloud-iam/google/cloud/iam_v2/py.typed create mode 100644 packages/google-cloud-iam/google/cloud/iam_v2/services/__init__.py create mode 100644 packages/google-cloud-iam/google/cloud/iam_v2/services/policies/__init__.py create mode 100644 packages/google-cloud-iam/google/cloud/iam_v2/services/policies/async_client.py create mode 100644 packages/google-cloud-iam/google/cloud/iam_v2/services/policies/client.py create mode 100644 packages/google-cloud-iam/google/cloud/iam_v2/services/policies/pagers.py create mode 100644 packages/google-cloud-iam/google/cloud/iam_v2/services/policies/transports/__init__.py create mode 100644 packages/google-cloud-iam/google/cloud/iam_v2/services/policies/transports/base.py create mode 100644 packages/google-cloud-iam/google/cloud/iam_v2/services/policies/transports/grpc.py create mode 100644 packages/google-cloud-iam/google/cloud/iam_v2/services/policies/transports/grpc_asyncio.py create mode 100644 packages/google-cloud-iam/google/cloud/iam_v2/types/__init__.py create mode 100644 packages/google-cloud-iam/google/cloud/iam_v2/types/deny.py create mode 100644 packages/google-cloud-iam/google/cloud/iam_v2/types/policy.py create mode 100644 packages/google-cloud-iam/samples/__init__.py create mode 100644 packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_create_policy_async.py create mode 100644 packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_create_policy_sync.py create mode 100644 packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_delete_policy_async.py create mode 100644 packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_delete_policy_sync.py create mode 100644 packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_get_policy_async.py create mode 100644 packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_get_policy_sync.py create mode 100644 packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_list_applicable_policies_async.py create mode 100644 packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_list_applicable_policies_sync.py create mode 100644 packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_list_policies_async.py create mode 100644 packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_list_policies_sync.py create mode 100644 packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_update_policy_async.py create mode 100644 packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_update_policy_sync.py create mode 100644 packages/google-cloud-iam/samples/generated_samples/snippet_metadata_iam_v2.json create mode 100644 packages/google-cloud-iam/samples/snippets/requirements-test.txt create mode 100644 packages/google-cloud-iam/scripts/fixup_iam_v2_keywords.py create mode 100644 packages/google-cloud-iam/tests/unit/gapic/iam_v2/__init__.py create mode 100644 packages/google-cloud-iam/tests/unit/gapic/iam_v2/test_policies.py diff --git a/packages/google-cloud-iam/.github/sync-repo-settings.yaml b/packages/google-cloud-iam/.github/sync-repo-settings.yaml new file mode 100644 index 000000000000..a285c7928254 --- /dev/null +++ b/packages/google-cloud-iam/.github/sync-repo-settings.yaml @@ -0,0 +1,36 @@ +# https://github.com/googleapis/repo-automation-bots/tree/main/packages/sync-repo-settings +# Rules for main branch protection +branchProtectionRules: +# Identifies the protection rule pattern. Name of the branch to be protected. +# Defaults to `main` +- pattern: main + requiresCodeOwnerReviews: true + requiresStrictStatusChecks: true + requiredStatusCheckContexts: + - 'cla/google' + - 'OwlBot Post Processor' + - 'docs' + - 'docfx' + - 'lint' + - 'unit (3.6)' + - 'unit (3.7)' + - 'unit (3.8)' + - 'unit (3.9)' + - 'unit (3.10)' + - 'cover' + - 'Samples - Lint' + - 'Samples - Python 3.7' + - 'Samples - Python 3.8' + - 'Samples - Python 3.9' + - 'Samples - Python 3.10' +permissionRules: + - team: actools-python + permission: admin + - team: actools + permission: admin + - team: yoshi-python + permission: push + - team: python-samples-owners + permission: push + - team: python-samples-reviewers + permission: push diff --git a/packages/google-cloud-iam/docs/iam_v2/policies.rst b/packages/google-cloud-iam/docs/iam_v2/policies.rst new file mode 100644 index 000000000000..4716ad11d915 --- /dev/null +++ b/packages/google-cloud-iam/docs/iam_v2/policies.rst @@ -0,0 +1,10 @@ +Policies +-------------------------- + +.. automodule:: google.cloud.iam_v2.services.policies + :members: + :inherited-members: + +.. automodule:: google.cloud.iam_v2.services.policies.pagers + :members: + :inherited-members: diff --git a/packages/google-cloud-iam/docs/iam_v2/services.rst b/packages/google-cloud-iam/docs/iam_v2/services.rst new file mode 100644 index 000000000000..f70f98fdbd18 --- /dev/null +++ b/packages/google-cloud-iam/docs/iam_v2/services.rst @@ -0,0 +1,6 @@ +Services for Google Cloud Iam v2 API +==================================== +.. toctree:: + :maxdepth: 2 + + policies diff --git a/packages/google-cloud-iam/docs/iam_v2/types.rst b/packages/google-cloud-iam/docs/iam_v2/types.rst new file mode 100644 index 000000000000..00a7f6579319 --- /dev/null +++ b/packages/google-cloud-iam/docs/iam_v2/types.rst @@ -0,0 +1,7 @@ +Types for Google Cloud Iam v2 API +================================= + +.. automodule:: google.cloud.iam_v2.types + :members: + :undoc-members: + :show-inheritance: diff --git a/packages/google-cloud-iam/docs/index.rst b/packages/google-cloud-iam/docs/index.rst index e7188363b7fc..6a06598c141c 100644 --- a/packages/google-cloud-iam/docs/index.rst +++ b/packages/google-cloud-iam/docs/index.rst @@ -2,9 +2,14 @@ .. include:: multiprocessing.rst -This package includes clients for multiple versions of Cloud Identity and Access Management. -By default, you will get version ``iam_credentials_v1``. +API Reference +------------- +.. toctree:: + :maxdepth: 2 + + iam_v2/services + iam_v2/types API Reference ------------- @@ -22,7 +27,6 @@ API Reference iam_v2beta/services iam_v2beta/types - Migration Guide --------------- diff --git a/packages/google-cloud-iam/google/cloud/iam_credentials_v1/services/iam_credentials/async_client.py b/packages/google-cloud-iam/google/cloud/iam_credentials_v1/services/iam_credentials/async_client.py index afcc9f8ad17e..e369c2aaa33b 100644 --- a/packages/google-cloud-iam/google/cloud/iam_credentials_v1/services/iam_credentials/async_client.py +++ b/packages/google-cloud-iam/google/cloud/iam_credentials_v1/services/iam_credentials/async_client.py @@ -234,6 +234,13 @@ async def generate_access_token( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_credentials_v1 async def sample_generate_access_token(): @@ -243,7 +250,7 @@ async def sample_generate_access_token(): # Initialize request argument(s) request = iam_credentials_v1.GenerateAccessTokenRequest( name="name_value", - scope=['scope_value_1', 'scope_value_2'], + scope=['scope_value1', 'scope_value2'], ) # Make the request @@ -391,6 +398,13 @@ async def generate_id_token( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_credentials_v1 async def sample_generate_id_token(): @@ -541,6 +555,13 @@ async def sign_blob( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_credentials_v1 async def sample_sign_blob(): @@ -678,6 +699,13 @@ async def sign_jwt( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_credentials_v1 async def sample_sign_jwt(): diff --git a/packages/google-cloud-iam/google/cloud/iam_credentials_v1/services/iam_credentials/client.py b/packages/google-cloud-iam/google/cloud/iam_credentials_v1/services/iam_credentials/client.py index 086a9a9ff84f..ecb432d1ac57 100644 --- a/packages/google-cloud-iam/google/cloud/iam_credentials_v1/services/iam_credentials/client.py +++ b/packages/google-cloud-iam/google/cloud/iam_credentials_v1/services/iam_credentials/client.py @@ -455,6 +455,13 @@ def generate_access_token( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_credentials_v1 def sample_generate_access_token(): @@ -464,7 +471,7 @@ def sample_generate_access_token(): # Initialize request argument(s) request = iam_credentials_v1.GenerateAccessTokenRequest( name="name_value", - scope=['scope_value_1', 'scope_value_2'], + scope=['scope_value1', 'scope_value2'], ) # Make the request @@ -602,6 +609,13 @@ def generate_id_token( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_credentials_v1 def sample_generate_id_token(): @@ -742,6 +756,13 @@ def sign_blob( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_credentials_v1 def sample_sign_blob(): @@ -869,6 +890,13 @@ def sign_jwt( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_credentials_v1 def sample_sign_jwt(): diff --git a/packages/google-cloud-iam/google/cloud/iam_v2/__init__.py b/packages/google-cloud-iam/google/cloud/iam_v2/__init__.py new file mode 100644 index 000000000000..cc79688ed0e1 --- /dev/null +++ b/packages/google-cloud-iam/google/cloud/iam_v2/__init__.py @@ -0,0 +1,44 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +from .services.policies import PoliciesAsyncClient, PoliciesClient +from .types.deny import DenyRule +from .types.policy import ( + CreatePolicyRequest, + DeletePolicyRequest, + GetPolicyRequest, + ListPoliciesRequest, + ListPoliciesResponse, + Policy, + PolicyOperationMetadata, + PolicyRule, + UpdatePolicyRequest, +) + +__all__ = ( + "PoliciesAsyncClient", + "CreatePolicyRequest", + "DeletePolicyRequest", + "DenyRule", + "GetPolicyRequest", + "ListPoliciesRequest", + "ListPoliciesResponse", + "PoliciesClient", + "Policy", + "PolicyOperationMetadata", + "PolicyRule", + "UpdatePolicyRequest", +) diff --git a/packages/google-cloud-iam/google/cloud/iam_v2/gapic_metadata.json b/packages/google-cloud-iam/google/cloud/iam_v2/gapic_metadata.json new file mode 100644 index 000000000000..917960055c88 --- /dev/null +++ b/packages/google-cloud-iam/google/cloud/iam_v2/gapic_metadata.json @@ -0,0 +1,73 @@ + { + "comment": "This file maps proto services/RPCs to the corresponding library clients/methods", + "language": "python", + "libraryPackage": "google.cloud.iam_v2", + "protoPackage": "google.iam.v2", + "schema": "1.0", + "services": { + "Policies": { + "clients": { + "grpc": { + "libraryClient": "PoliciesClient", + "rpcs": { + "CreatePolicy": { + "methods": [ + "create_policy" + ] + }, + "DeletePolicy": { + "methods": [ + "delete_policy" + ] + }, + "GetPolicy": { + "methods": [ + "get_policy" + ] + }, + "ListPolicies": { + "methods": [ + "list_policies" + ] + }, + "UpdatePolicy": { + "methods": [ + "update_policy" + ] + } + } + }, + "grpc-async": { + "libraryClient": "PoliciesAsyncClient", + "rpcs": { + "CreatePolicy": { + "methods": [ + "create_policy" + ] + }, + "DeletePolicy": { + "methods": [ + "delete_policy" + ] + }, + "GetPolicy": { + "methods": [ + "get_policy" + ] + }, + "ListPolicies": { + "methods": [ + "list_policies" + ] + }, + "UpdatePolicy": { + "methods": [ + "update_policy" + ] + } + } + } + } + } + } +} diff --git a/packages/google-cloud-iam/google/cloud/iam_v2/py.typed b/packages/google-cloud-iam/google/cloud/iam_v2/py.typed new file mode 100644 index 000000000000..a8a7868953e6 --- /dev/null +++ b/packages/google-cloud-iam/google/cloud/iam_v2/py.typed @@ -0,0 +1,2 @@ +# Marker file for PEP 561. +# The google-cloud-iam package uses inline types. diff --git a/packages/google-cloud-iam/google/cloud/iam_v2/services/__init__.py b/packages/google-cloud-iam/google/cloud/iam_v2/services/__init__.py new file mode 100644 index 000000000000..e8e1c3845db5 --- /dev/null +++ b/packages/google-cloud-iam/google/cloud/iam_v2/services/__init__.py @@ -0,0 +1,15 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/__init__.py b/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/__init__.py new file mode 100644 index 000000000000..15a6ab9a0c62 --- /dev/null +++ b/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/__init__.py @@ -0,0 +1,22 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from .async_client import PoliciesAsyncClient +from .client import PoliciesClient + +__all__ = ( + "PoliciesClient", + "PoliciesAsyncClient", +) diff --git a/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/async_client.py b/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/async_client.py new file mode 100644 index 000000000000..d852af6b7b3c --- /dev/null +++ b/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/async_client.py @@ -0,0 +1,939 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +import functools +import re +from typing import Dict, Mapping, Optional, Sequence, Tuple, Type, Union + +from google.api_core import exceptions as core_exceptions +from google.api_core import gapic_v1 +from google.api_core import retry as retries +from google.api_core.client_options import ClientOptions +from google.auth import credentials as ga_credentials # type: ignore +from google.oauth2 import service_account # type: ignore +import pkg_resources + +try: + OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault] +except AttributeError: # pragma: NO COVER + OptionalRetry = Union[retries.Retry, object] # type: ignore + +from google.api_core import operation # type: ignore +from google.api_core import operation_async # type: ignore +from google.longrunning import operations_pb2 +from google.protobuf import timestamp_pb2 # type: ignore + +from google.cloud.iam_v2.services.policies import pagers +from google.cloud.iam_v2.types import policy +from google.cloud.iam_v2.types import policy as gi_policy + +from .client import PoliciesClient +from .transports.base import DEFAULT_CLIENT_INFO, PoliciesTransport +from .transports.grpc_asyncio import PoliciesGrpcAsyncIOTransport + + +class PoliciesAsyncClient: + """An interface for managing Identity and Access Management + (IAM) policies. + """ + + _client: PoliciesClient + + DEFAULT_ENDPOINT = PoliciesClient.DEFAULT_ENDPOINT + DEFAULT_MTLS_ENDPOINT = PoliciesClient.DEFAULT_MTLS_ENDPOINT + + common_billing_account_path = staticmethod( + PoliciesClient.common_billing_account_path + ) + parse_common_billing_account_path = staticmethod( + PoliciesClient.parse_common_billing_account_path + ) + common_folder_path = staticmethod(PoliciesClient.common_folder_path) + parse_common_folder_path = staticmethod(PoliciesClient.parse_common_folder_path) + common_organization_path = staticmethod(PoliciesClient.common_organization_path) + parse_common_organization_path = staticmethod( + PoliciesClient.parse_common_organization_path + ) + common_project_path = staticmethod(PoliciesClient.common_project_path) + parse_common_project_path = staticmethod(PoliciesClient.parse_common_project_path) + common_location_path = staticmethod(PoliciesClient.common_location_path) + parse_common_location_path = staticmethod(PoliciesClient.parse_common_location_path) + + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials + info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + PoliciesAsyncClient: The constructed client. + """ + return PoliciesClient.from_service_account_info.__func__(PoliciesAsyncClient, info, *args, **kwargs) # type: ignore + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + PoliciesAsyncClient: The constructed client. + """ + return PoliciesClient.from_service_account_file.__func__(PoliciesAsyncClient, filename, *args, **kwargs) # type: ignore + + from_service_account_json = from_service_account_file + + @classmethod + def get_mtls_endpoint_and_cert_source( + cls, client_options: Optional[ClientOptions] = None + ): + """Return the API endpoint and client cert source for mutual TLS. + + The client cert source is determined in the following order: + (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the + client cert source is None. + (2) if `client_options.client_cert_source` is provided, use the provided one; if the + default client cert source exists, use the default one; otherwise the client cert + source is None. + + The API endpoint is determined in the following order: + (1) if `client_options.api_endpoint` if provided, use the provided one. + (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the + default mTLS endpoint; if the environment variabel is "never", use the default API + endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise + use the default API endpoint. + + More details can be found at https://google.aip.dev/auth/4114. + + Args: + client_options (google.api_core.client_options.ClientOptions): Custom options for the + client. Only the `api_endpoint` and `client_cert_source` properties may be used + in this method. + + Returns: + Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the + client cert source to use. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If any errors happen. + """ + return PoliciesClient.get_mtls_endpoint_and_cert_source(client_options) # type: ignore + + @property + def transport(self) -> PoliciesTransport: + """Returns the transport used by the client instance. + + Returns: + PoliciesTransport: The transport used by the client instance. + """ + return self._client.transport + + get_transport_class = functools.partial( + type(PoliciesClient).get_transport_class, type(PoliciesClient) + ) + + def __init__( + self, + *, + credentials: ga_credentials.Credentials = None, + transport: Union[str, PoliciesTransport] = "grpc_asyncio", + client_options: ClientOptions = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + ) -> None: + """Instantiates the policies client. + + Args: + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + transport (Union[str, ~.PoliciesTransport]): The + transport to use. If set to None, a transport is chosen + automatically. + client_options (ClientOptions): Custom options for the client. It + won't take effect if a ``transport`` instance is provided. + (1) The ``api_endpoint`` property can be used to override the + default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT + environment variable can also be used to override the endpoint: + "always" (always use the default mTLS endpoint), "never" (always + use the default regular endpoint) and "auto" (auto switch to the + default mTLS endpoint if client certificate is present, this is + the default value). However, the ``api_endpoint`` property takes + precedence if provided. + (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable + is "true", then the ``client_cert_source`` property can be used + to provide client certificate for mutual TLS transport. If + not provided, the default SSL client certificate will be used if + present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not + set, no client certificate will be used. + + Raises: + google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport + creation failed for any reason. + """ + self._client = PoliciesClient( + credentials=credentials, + transport=transport, + client_options=client_options, + client_info=client_info, + ) + + async def list_policies( + self, + request: Union[policy.ListPoliciesRequest, dict] = None, + *, + parent: str = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> pagers.ListPoliciesAsyncPager: + r"""Retrieves the policies of the specified kind that are + attached to a resource. + + The response lists only policy metadata. In particular, + policy rules are omitted. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import iam_v2 + + async def sample_list_policies(): + # Create a client + client = iam_v2.PoliciesAsyncClient() + + # Initialize request argument(s) + request = iam_v2.ListPoliciesRequest( + parent="parent_value", + ) + + # Make the request + page_result = client.list_policies(request=request) + + # Handle the response + async for response in page_result: + print(response) + + Args: + request (Union[google.cloud.iam_v2.types.ListPoliciesRequest, dict]): + The request object. Request message for `ListPolicies`. + parent (:class:`str`): + Required. The resource that the policy is attached to, + along with the kind of policy to list. Format: + ``policies/{attachment_point}/denypolicies`` + + The attachment point is identified by its URL-encoded + full resource name, which means that the forward-slash + character, ``/``, must be written as ``%2F``. For + example, + ``policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies``. + + For organizations and folders, use the numeric ID in the + full resource name. For projects, you can use the + alphanumeric or the numeric ID. + + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iam_v2.services.policies.pagers.ListPoliciesAsyncPager: + Response message for ListPolicies. + + Iterating over this object will yield results and + resolve additional pages automatically. + + """ + # Create or coerce a protobuf request object. + # Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([parent]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = policy.ListPoliciesRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if parent is not None: + request.parent = parent + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.list_policies, + default_retry=retries.Retry( + initial=1.0, + maximum=10.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.ServiceUnavailable, + ), + deadline=60.0, + ), + default_timeout=60.0, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # This method is paged; wrap the response in a pager, which provides + # an `__aiter__` convenience method. + response = pagers.ListPoliciesAsyncPager( + method=rpc, + request=request, + response=response, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def get_policy( + self, + request: Union[policy.GetPolicyRequest, dict] = None, + *, + name: str = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> policy.Policy: + r"""Gets a policy. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import iam_v2 + + async def sample_get_policy(): + # Create a client + client = iam_v2.PoliciesAsyncClient() + + # Initialize request argument(s) + request = iam_v2.GetPolicyRequest( + name="name_value", + ) + + # Make the request + response = await client.get_policy(request=request) + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.iam_v2.types.GetPolicyRequest, dict]): + The request object. Request message for `GetPolicy`. + name (:class:`str`): + Required. The resource name of the policy to retrieve. + Format: + ``policies/{attachment_point}/denypolicies/{policy_id}`` + + Use the URL-encoded full resource name, which means that + the forward-slash character, ``/``, must be written as + ``%2F``. For example, + ``policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy``. + + For organizations and folders, use the numeric ID in the + full resource name. For projects, you can use the + alphanumeric or the numeric ID. + + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iam_v2.types.Policy: + Data for an IAM policy. + """ + # Create or coerce a protobuf request object. + # Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([name]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = policy.GetPolicyRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.get_policy, + default_retry=retries.Retry( + initial=1.0, + maximum=10.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.ServiceUnavailable, + ), + deadline=60.0, + ), + default_timeout=60.0, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def create_policy( + self, + request: Union[gi_policy.CreatePolicyRequest, dict] = None, + *, + parent: str = None, + policy: gi_policy.Policy = None, + policy_id: str = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operation_async.AsyncOperation: + r"""Creates a policy. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import iam_v2 + + async def sample_create_policy(): + # Create a client + client = iam_v2.PoliciesAsyncClient() + + # Initialize request argument(s) + request = iam_v2.CreatePolicyRequest( + parent="parent_value", + ) + + # Make the request + operation = client.create_policy(request=request) + + print("Waiting for operation to complete...") + + response = await operation.result() + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.iam_v2.types.CreatePolicyRequest, dict]): + The request object. Request message for `CreatePolicy`. + parent (:class:`str`): + Required. The resource that the policy is attached to, + along with the kind of policy to create. Format: + ``policies/{attachment_point}/denypolicies`` + + The attachment point is identified by its URL-encoded + full resource name, which means that the forward-slash + character, ``/``, must be written as ``%2F``. For + example, + ``policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies``. + + For organizations and folders, use the numeric ID in the + full resource name. For projects, you can use the + alphanumeric or the numeric ID. + + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + policy (:class:`google.cloud.iam_v2.types.Policy`): + Required. The policy to create. + This corresponds to the ``policy`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + policy_id (:class:`str`): + The ID to use for this policy, which will become the + final component of the policy's resource name. The ID + must contain 3 to 63 characters. It can contain + lowercase letters and numbers, as well as dashes (``-``) + and periods (``.``). The first character must be a + lowercase letter. + + This corresponds to the ``policy_id`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.api_core.operation_async.AsyncOperation: + An object representing a long-running operation. + + The result type for the operation will be + :class:`google.cloud.iam_v2.types.Policy` Data for an + IAM policy. + + """ + # Create or coerce a protobuf request object. + # Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([parent, policy, policy_id]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = gi_policy.CreatePolicyRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if parent is not None: + request.parent = parent + if policy is not None: + request.policy = policy + if policy_id is not None: + request.policy_id = policy_id + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.create_policy, + default_retry=retries.Retry( + initial=1.0, + maximum=10.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.ServiceUnavailable, + ), + deadline=60.0, + ), + default_timeout=60.0, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Wrap the response in an operation future. + response = operation_async.from_gapic( + response, + self._client._transport.operations_client, + gi_policy.Policy, + metadata_type=gi_policy.PolicyOperationMetadata, + ) + + # Done; return the response. + return response + + async def update_policy( + self, + request: Union[policy.UpdatePolicyRequest, dict] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operation_async.AsyncOperation: + r"""Updates the specified policy. + + You can update only the rules and the display name for the + policy. + + To update a policy, you should use a read-modify-write loop: + + 1. Use [GetPolicy][google.iam.v2.Policies.GetPolicy] to read the + current version of the policy. + 2. Modify the policy as needed. + 3. Use ``UpdatePolicy`` to write the updated policy. + + This pattern helps prevent conflicts between concurrent updates. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import iam_v2 + + async def sample_update_policy(): + # Create a client + client = iam_v2.PoliciesAsyncClient() + + # Initialize request argument(s) + request = iam_v2.UpdatePolicyRequest( + ) + + # Make the request + operation = client.update_policy(request=request) + + print("Waiting for operation to complete...") + + response = await operation.result() + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.iam_v2.types.UpdatePolicyRequest, dict]): + The request object. Request message for `UpdatePolicy`. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.api_core.operation_async.AsyncOperation: + An object representing a long-running operation. + + The result type for the operation will be + :class:`google.cloud.iam_v2.types.Policy` Data for an + IAM policy. + + """ + # Create or coerce a protobuf request object. + request = policy.UpdatePolicyRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.update_policy, + default_retry=retries.Retry( + initial=1.0, + maximum=10.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.ServiceUnavailable, + ), + deadline=60.0, + ), + default_timeout=60.0, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("policy.name", request.policy.name),) + ), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Wrap the response in an operation future. + response = operation_async.from_gapic( + response, + self._client._transport.operations_client, + policy.Policy, + metadata_type=policy.PolicyOperationMetadata, + ) + + # Done; return the response. + return response + + async def delete_policy( + self, + request: Union[policy.DeletePolicyRequest, dict] = None, + *, + name: str = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operation_async.AsyncOperation: + r"""Deletes a policy. This action is permanent. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import iam_v2 + + async def sample_delete_policy(): + # Create a client + client = iam_v2.PoliciesAsyncClient() + + # Initialize request argument(s) + request = iam_v2.DeletePolicyRequest( + name="name_value", + ) + + # Make the request + operation = client.delete_policy(request=request) + + print("Waiting for operation to complete...") + + response = await operation.result() + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.iam_v2.types.DeletePolicyRequest, dict]): + The request object. Request message for `DeletePolicy`. + name (:class:`str`): + Required. The resource name of the policy to delete. + Format: + ``policies/{attachment_point}/denypolicies/{policy_id}`` + + Use the URL-encoded full resource name, which means that + the forward-slash character, ``/``, must be written as + ``%2F``. For example, + ``policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy``. + + For organizations and folders, use the numeric ID in the + full resource name. For projects, you can use the + alphanumeric or the numeric ID. + + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.api_core.operation_async.AsyncOperation: + An object representing a long-running operation. + + The result type for the operation will be + :class:`google.cloud.iam_v2.types.Policy` Data for an + IAM policy. + + """ + # Create or coerce a protobuf request object. + # Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([name]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = policy.DeletePolicyRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.delete_policy, + default_retry=retries.Retry( + initial=1.0, + maximum=10.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.ServiceUnavailable, + ), + deadline=60.0, + ), + default_timeout=60.0, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Wrap the response in an operation future. + response = operation_async.from_gapic( + response, + self._client._transport.operations_client, + policy.Policy, + metadata_type=policy.PolicyOperationMetadata, + ) + + # Done; return the response. + return response + + async def get_operation( + self, + request: operations_pb2.GetOperationRequest = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operations_pb2.Operation: + r"""Gets the latest state of a long-running operation. + + Args: + request (:class:`~.operations_pb2.GetOperationRequest`): + The request object. Request message for + `GetOperation` method. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + Returns: + ~.operations_pb2.Operation: + An ``Operation`` object. + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = operations_pb2.GetOperationRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method.wrap_method( + self._client._transport.get_operation, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def __aenter__(self): + return self + + async def __aexit__(self, exc_type, exc, tb): + await self.transport.close() + + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + "google-cloud-iam", + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + + +__all__ = ("PoliciesAsyncClient",) diff --git a/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/client.py b/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/client.py new file mode 100644 index 000000000000..d503855420c5 --- /dev/null +++ b/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/client.py @@ -0,0 +1,1113 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +import os +import re +from typing import Dict, Mapping, Optional, Sequence, Tuple, Type, Union + +from google.api_core import client_options as client_options_lib +from google.api_core import exceptions as core_exceptions +from google.api_core import gapic_v1 +from google.api_core import retry as retries +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.exceptions import MutualTLSChannelError # type: ignore +from google.auth.transport import mtls # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +from google.oauth2 import service_account # type: ignore +import pkg_resources + +try: + OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault] +except AttributeError: # pragma: NO COVER + OptionalRetry = Union[retries.Retry, object] # type: ignore + +from google.api_core import operation # type: ignore +from google.api_core import operation_async # type: ignore +from google.longrunning import operations_pb2 +from google.protobuf import timestamp_pb2 # type: ignore + +from google.cloud.iam_v2.services.policies import pagers +from google.cloud.iam_v2.types import policy +from google.cloud.iam_v2.types import policy as gi_policy + +from .transports.base import DEFAULT_CLIENT_INFO, PoliciesTransport +from .transports.grpc import PoliciesGrpcTransport +from .transports.grpc_asyncio import PoliciesGrpcAsyncIOTransport + + +class PoliciesClientMeta(type): + """Metaclass for the Policies client. + + This provides class-level methods for building and retrieving + support objects (e.g. transport) without polluting the client instance + objects. + """ + + _transport_registry = OrderedDict() # type: Dict[str, Type[PoliciesTransport]] + _transport_registry["grpc"] = PoliciesGrpcTransport + _transport_registry["grpc_asyncio"] = PoliciesGrpcAsyncIOTransport + + def get_transport_class( + cls, + label: str = None, + ) -> Type[PoliciesTransport]: + """Returns an appropriate transport class. + + Args: + label: The name of the desired transport. If none is + provided, then the first transport in the registry is used. + + Returns: + The transport class to use. + """ + # If a specific transport is requested, return that one. + if label: + return cls._transport_registry[label] + + # No transport is requested; return the default (that is, the first one + # in the dictionary). + return next(iter(cls._transport_registry.values())) + + +class PoliciesClient(metaclass=PoliciesClientMeta): + """An interface for managing Identity and Access Management + (IAM) policies. + """ + + @staticmethod + def _get_default_mtls_endpoint(api_endpoint): + """Converts api endpoint to mTLS endpoint. + + Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to + "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively. + Args: + api_endpoint (Optional[str]): the api endpoint to convert. + Returns: + str: converted mTLS api endpoint. + """ + if not api_endpoint: + return api_endpoint + + mtls_endpoint_re = re.compile( + r"(?P[^.]+)(?P\.mtls)?(?P\.sandbox)?(?P\.googleapis\.com)?" + ) + + m = mtls_endpoint_re.match(api_endpoint) + name, mtls, sandbox, googledomain = m.groups() + if mtls or not googledomain: + return api_endpoint + + if sandbox: + return api_endpoint.replace( + "sandbox.googleapis.com", "mtls.sandbox.googleapis.com" + ) + + return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com") + + DEFAULT_ENDPOINT = "iam.googleapis.com" + DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore + DEFAULT_ENDPOINT + ) + + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials + info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + PoliciesClient: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_info(info) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + PoliciesClient: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_file(filename) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + + from_service_account_json = from_service_account_file + + @property + def transport(self) -> PoliciesTransport: + """Returns the transport used by the client instance. + + Returns: + PoliciesTransport: The transport used by the client + instance. + """ + return self._transport + + @staticmethod + def common_billing_account_path( + billing_account: str, + ) -> str: + """Returns a fully-qualified billing_account string.""" + return "billingAccounts/{billing_account}".format( + billing_account=billing_account, + ) + + @staticmethod + def parse_common_billing_account_path(path: str) -> Dict[str, str]: + """Parse a billing_account path into its component segments.""" + m = re.match(r"^billingAccounts/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_folder_path( + folder: str, + ) -> str: + """Returns a fully-qualified folder string.""" + return "folders/{folder}".format( + folder=folder, + ) + + @staticmethod + def parse_common_folder_path(path: str) -> Dict[str, str]: + """Parse a folder path into its component segments.""" + m = re.match(r"^folders/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_organization_path( + organization: str, + ) -> str: + """Returns a fully-qualified organization string.""" + return "organizations/{organization}".format( + organization=organization, + ) + + @staticmethod + def parse_common_organization_path(path: str) -> Dict[str, str]: + """Parse a organization path into its component segments.""" + m = re.match(r"^organizations/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_project_path( + project: str, + ) -> str: + """Returns a fully-qualified project string.""" + return "projects/{project}".format( + project=project, + ) + + @staticmethod + def parse_common_project_path(path: str) -> Dict[str, str]: + """Parse a project path into its component segments.""" + m = re.match(r"^projects/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_location_path( + project: str, + location: str, + ) -> str: + """Returns a fully-qualified location string.""" + return "projects/{project}/locations/{location}".format( + project=project, + location=location, + ) + + @staticmethod + def parse_common_location_path(path: str) -> Dict[str, str]: + """Parse a location path into its component segments.""" + m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)$", path) + return m.groupdict() if m else {} + + @classmethod + def get_mtls_endpoint_and_cert_source( + cls, client_options: Optional[client_options_lib.ClientOptions] = None + ): + """Return the API endpoint and client cert source for mutual TLS. + + The client cert source is determined in the following order: + (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the + client cert source is None. + (2) if `client_options.client_cert_source` is provided, use the provided one; if the + default client cert source exists, use the default one; otherwise the client cert + source is None. + + The API endpoint is determined in the following order: + (1) if `client_options.api_endpoint` if provided, use the provided one. + (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the + default mTLS endpoint; if the environment variabel is "never", use the default API + endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise + use the default API endpoint. + + More details can be found at https://google.aip.dev/auth/4114. + + Args: + client_options (google.api_core.client_options.ClientOptions): Custom options for the + client. Only the `api_endpoint` and `client_cert_source` properties may be used + in this method. + + Returns: + Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the + client cert source to use. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If any errors happen. + """ + if client_options is None: + client_options = client_options_lib.ClientOptions() + use_client_cert = os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false") + use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto") + if use_client_cert not in ("true", "false"): + raise ValueError( + "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`" + ) + if use_mtls_endpoint not in ("auto", "never", "always"): + raise MutualTLSChannelError( + "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`" + ) + + # Figure out the client cert source to use. + client_cert_source = None + if use_client_cert == "true": + if client_options.client_cert_source: + client_cert_source = client_options.client_cert_source + elif mtls.has_default_client_cert_source(): + client_cert_source = mtls.default_client_cert_source() + + # Figure out which api endpoint to use. + if client_options.api_endpoint is not None: + api_endpoint = client_options.api_endpoint + elif use_mtls_endpoint == "always" or ( + use_mtls_endpoint == "auto" and client_cert_source + ): + api_endpoint = cls.DEFAULT_MTLS_ENDPOINT + else: + api_endpoint = cls.DEFAULT_ENDPOINT + + return api_endpoint, client_cert_source + + def __init__( + self, + *, + credentials: Optional[ga_credentials.Credentials] = None, + transport: Union[str, PoliciesTransport, None] = None, + client_options: Optional[client_options_lib.ClientOptions] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + ) -> None: + """Instantiates the policies client. + + Args: + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + transport (Union[str, PoliciesTransport]): The + transport to use. If set to None, a transport is chosen + automatically. + client_options (google.api_core.client_options.ClientOptions): Custom options for the + client. It won't take effect if a ``transport`` instance is provided. + (1) The ``api_endpoint`` property can be used to override the + default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT + environment variable can also be used to override the endpoint: + "always" (always use the default mTLS endpoint), "never" (always + use the default regular endpoint) and "auto" (auto switch to the + default mTLS endpoint if client certificate is present, this is + the default value). However, the ``api_endpoint`` property takes + precedence if provided. + (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable + is "true", then the ``client_cert_source`` property can be used + to provide client certificate for mutual TLS transport. If + not provided, the default SSL client certificate will be used if + present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not + set, no client certificate will be used. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport + creation failed for any reason. + """ + if isinstance(client_options, dict): + client_options = client_options_lib.from_dict(client_options) + if client_options is None: + client_options = client_options_lib.ClientOptions() + + api_endpoint, client_cert_source_func = self.get_mtls_endpoint_and_cert_source( + client_options + ) + + api_key_value = getattr(client_options, "api_key", None) + if api_key_value and credentials: + raise ValueError( + "client_options.api_key and credentials are mutually exclusive" + ) + + # Save or instantiate the transport. + # Ordinarily, we provide the transport, but allowing a custom transport + # instance provides an extensibility point for unusual situations. + if isinstance(transport, PoliciesTransport): + # transport is a PoliciesTransport instance. + if credentials or client_options.credentials_file or api_key_value: + raise ValueError( + "When providing a transport instance, " + "provide its credentials directly." + ) + if client_options.scopes: + raise ValueError( + "When providing a transport instance, provide its scopes " + "directly." + ) + self._transport = transport + else: + import google.auth._default # type: ignore + + if api_key_value and hasattr( + google.auth._default, "get_api_key_credentials" + ): + credentials = google.auth._default.get_api_key_credentials( + api_key_value + ) + + Transport = type(self).get_transport_class(transport) + self._transport = Transport( + credentials=credentials, + credentials_file=client_options.credentials_file, + host=api_endpoint, + scopes=client_options.scopes, + client_cert_source_for_mtls=client_cert_source_func, + quota_project_id=client_options.quota_project_id, + client_info=client_info, + always_use_jwt_access=True, + api_audience=client_options.api_audience, + ) + + def list_policies( + self, + request: Union[policy.ListPoliciesRequest, dict] = None, + *, + parent: str = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> pagers.ListPoliciesPager: + r"""Retrieves the policies of the specified kind that are + attached to a resource. + + The response lists only policy metadata. In particular, + policy rules are omitted. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import iam_v2 + + def sample_list_policies(): + # Create a client + client = iam_v2.PoliciesClient() + + # Initialize request argument(s) + request = iam_v2.ListPoliciesRequest( + parent="parent_value", + ) + + # Make the request + page_result = client.list_policies(request=request) + + # Handle the response + for response in page_result: + print(response) + + Args: + request (Union[google.cloud.iam_v2.types.ListPoliciesRequest, dict]): + The request object. Request message for `ListPolicies`. + parent (str): + Required. The resource that the policy is attached to, + along with the kind of policy to list. Format: + ``policies/{attachment_point}/denypolicies`` + + The attachment point is identified by its URL-encoded + full resource name, which means that the forward-slash + character, ``/``, must be written as ``%2F``. For + example, + ``policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies``. + + For organizations and folders, use the numeric ID in the + full resource name. For projects, you can use the + alphanumeric or the numeric ID. + + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iam_v2.services.policies.pagers.ListPoliciesPager: + Response message for ListPolicies. + + Iterating over this object will yield results and + resolve additional pages automatically. + + """ + # Create or coerce a protobuf request object. + # Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([parent]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + # Minor optimization to avoid making a copy if the user passes + # in a policy.ListPoliciesRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, policy.ListPoliciesRequest): + request = policy.ListPoliciesRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if parent is not None: + request.parent = parent + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.list_policies] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # This method is paged; wrap the response in a pager, which provides + # an `__iter__` convenience method. + response = pagers.ListPoliciesPager( + method=rpc, + request=request, + response=response, + metadata=metadata, + ) + + # Done; return the response. + return response + + def get_policy( + self, + request: Union[policy.GetPolicyRequest, dict] = None, + *, + name: str = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> policy.Policy: + r"""Gets a policy. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import iam_v2 + + def sample_get_policy(): + # Create a client + client = iam_v2.PoliciesClient() + + # Initialize request argument(s) + request = iam_v2.GetPolicyRequest( + name="name_value", + ) + + # Make the request + response = client.get_policy(request=request) + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.iam_v2.types.GetPolicyRequest, dict]): + The request object. Request message for `GetPolicy`. + name (str): + Required. The resource name of the policy to retrieve. + Format: + ``policies/{attachment_point}/denypolicies/{policy_id}`` + + Use the URL-encoded full resource name, which means that + the forward-slash character, ``/``, must be written as + ``%2F``. For example, + ``policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy``. + + For organizations and folders, use the numeric ID in the + full resource name. For projects, you can use the + alphanumeric or the numeric ID. + + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iam_v2.types.Policy: + Data for an IAM policy. + """ + # Create or coerce a protobuf request object. + # Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([name]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + # Minor optimization to avoid making a copy if the user passes + # in a policy.GetPolicyRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, policy.GetPolicyRequest): + request = policy.GetPolicyRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_policy] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def create_policy( + self, + request: Union[gi_policy.CreatePolicyRequest, dict] = None, + *, + parent: str = None, + policy: gi_policy.Policy = None, + policy_id: str = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operation.Operation: + r"""Creates a policy. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import iam_v2 + + def sample_create_policy(): + # Create a client + client = iam_v2.PoliciesClient() + + # Initialize request argument(s) + request = iam_v2.CreatePolicyRequest( + parent="parent_value", + ) + + # Make the request + operation = client.create_policy(request=request) + + print("Waiting for operation to complete...") + + response = operation.result() + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.iam_v2.types.CreatePolicyRequest, dict]): + The request object. Request message for `CreatePolicy`. + parent (str): + Required. The resource that the policy is attached to, + along with the kind of policy to create. Format: + ``policies/{attachment_point}/denypolicies`` + + The attachment point is identified by its URL-encoded + full resource name, which means that the forward-slash + character, ``/``, must be written as ``%2F``. For + example, + ``policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies``. + + For organizations and folders, use the numeric ID in the + full resource name. For projects, you can use the + alphanumeric or the numeric ID. + + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + policy (google.cloud.iam_v2.types.Policy): + Required. The policy to create. + This corresponds to the ``policy`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + policy_id (str): + The ID to use for this policy, which will become the + final component of the policy's resource name. The ID + must contain 3 to 63 characters. It can contain + lowercase letters and numbers, as well as dashes (``-``) + and periods (``.``). The first character must be a + lowercase letter. + + This corresponds to the ``policy_id`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.api_core.operation.Operation: + An object representing a long-running operation. + + The result type for the operation will be + :class:`google.cloud.iam_v2.types.Policy` Data for an + IAM policy. + + """ + # Create or coerce a protobuf request object. + # Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([parent, policy, policy_id]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + # Minor optimization to avoid making a copy if the user passes + # in a gi_policy.CreatePolicyRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, gi_policy.CreatePolicyRequest): + request = gi_policy.CreatePolicyRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if parent is not None: + request.parent = parent + if policy is not None: + request.policy = policy + if policy_id is not None: + request.policy_id = policy_id + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.create_policy] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Wrap the response in an operation future. + response = operation.from_gapic( + response, + self._transport.operations_client, + gi_policy.Policy, + metadata_type=gi_policy.PolicyOperationMetadata, + ) + + # Done; return the response. + return response + + def update_policy( + self, + request: Union[policy.UpdatePolicyRequest, dict] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operation.Operation: + r"""Updates the specified policy. + + You can update only the rules and the display name for the + policy. + + To update a policy, you should use a read-modify-write loop: + + 1. Use [GetPolicy][google.iam.v2.Policies.GetPolicy] to read the + current version of the policy. + 2. Modify the policy as needed. + 3. Use ``UpdatePolicy`` to write the updated policy. + + This pattern helps prevent conflicts between concurrent updates. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import iam_v2 + + def sample_update_policy(): + # Create a client + client = iam_v2.PoliciesClient() + + # Initialize request argument(s) + request = iam_v2.UpdatePolicyRequest( + ) + + # Make the request + operation = client.update_policy(request=request) + + print("Waiting for operation to complete...") + + response = operation.result() + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.iam_v2.types.UpdatePolicyRequest, dict]): + The request object. Request message for `UpdatePolicy`. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.api_core.operation.Operation: + An object representing a long-running operation. + + The result type for the operation will be + :class:`google.cloud.iam_v2.types.Policy` Data for an + IAM policy. + + """ + # Create or coerce a protobuf request object. + # Minor optimization to avoid making a copy if the user passes + # in a policy.UpdatePolicyRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, policy.UpdatePolicyRequest): + request = policy.UpdatePolicyRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.update_policy] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("policy.name", request.policy.name),) + ), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Wrap the response in an operation future. + response = operation.from_gapic( + response, + self._transport.operations_client, + policy.Policy, + metadata_type=policy.PolicyOperationMetadata, + ) + + # Done; return the response. + return response + + def delete_policy( + self, + request: Union[policy.DeletePolicyRequest, dict] = None, + *, + name: str = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operation.Operation: + r"""Deletes a policy. This action is permanent. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import iam_v2 + + def sample_delete_policy(): + # Create a client + client = iam_v2.PoliciesClient() + + # Initialize request argument(s) + request = iam_v2.DeletePolicyRequest( + name="name_value", + ) + + # Make the request + operation = client.delete_policy(request=request) + + print("Waiting for operation to complete...") + + response = operation.result() + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.iam_v2.types.DeletePolicyRequest, dict]): + The request object. Request message for `DeletePolicy`. + name (str): + Required. The resource name of the policy to delete. + Format: + ``policies/{attachment_point}/denypolicies/{policy_id}`` + + Use the URL-encoded full resource name, which means that + the forward-slash character, ``/``, must be written as + ``%2F``. For example, + ``policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy``. + + For organizations and folders, use the numeric ID in the + full resource name. For projects, you can use the + alphanumeric or the numeric ID. + + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.api_core.operation.Operation: + An object representing a long-running operation. + + The result type for the operation will be + :class:`google.cloud.iam_v2.types.Policy` Data for an + IAM policy. + + """ + # Create or coerce a protobuf request object. + # Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([name]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + # Minor optimization to avoid making a copy if the user passes + # in a policy.DeletePolicyRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, policy.DeletePolicyRequest): + request = policy.DeletePolicyRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.delete_policy] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Wrap the response in an operation future. + response = operation.from_gapic( + response, + self._transport.operations_client, + policy.Policy, + metadata_type=policy.PolicyOperationMetadata, + ) + + # Done; return the response. + return response + + def __enter__(self): + return self + + def __exit__(self, type, value, traceback): + """Releases underlying transport's resources. + + .. warning:: + ONLY use as a context manager if the transport is NOT shared + with other clients! Exiting the with block will CLOSE the transport + and may cause errors in other clients! + """ + self.transport.close() + + def get_operation( + self, + request: operations_pb2.GetOperationRequest = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operations_pb2.Operation: + r"""Gets the latest state of a long-running operation. + + Args: + request (:class:`~.operations_pb2.GetOperationRequest`): + The request object. Request message for + `GetOperation` method. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + Returns: + ~.operations_pb2.Operation: + An ``Operation`` object. + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = operations_pb2.GetOperationRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method.wrap_method( + self._transport.get_operation, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + "google-cloud-iam", + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + + +__all__ = ("PoliciesClient",) diff --git a/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/pagers.py b/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/pagers.py new file mode 100644 index 000000000000..2129b65ef109 --- /dev/null +++ b/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/pagers.py @@ -0,0 +1,155 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from typing import ( + Any, + AsyncIterator, + Awaitable, + Callable, + Iterator, + Optional, + Sequence, + Tuple, +) + +from google.cloud.iam_v2.types import policy + + +class ListPoliciesPager: + """A pager for iterating through ``list_policies`` requests. + + This class thinly wraps an initial + :class:`google.cloud.iam_v2.types.ListPoliciesResponse` object, and + provides an ``__iter__`` method to iterate through its + ``policies`` field. + + If there are more pages, the ``__iter__`` method will make additional + ``ListPolicies`` requests and continue to iterate + through the ``policies`` field on the + corresponding responses. + + All the usual :class:`google.cloud.iam_v2.types.ListPoliciesResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + + def __init__( + self, + method: Callable[..., policy.ListPoliciesResponse], + request: policy.ListPoliciesRequest, + response: policy.ListPoliciesResponse, + *, + metadata: Sequence[Tuple[str, str]] = () + ): + """Instantiate the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (google.cloud.iam_v2.types.ListPoliciesRequest): + The initial request object. + response (google.cloud.iam_v2.types.ListPoliciesResponse): + The initial response object. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + self._method = method + self._request = policy.ListPoliciesRequest(request) + self._response = response + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + def pages(self) -> Iterator[policy.ListPoliciesResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = self._method(self._request, metadata=self._metadata) + yield self._response + + def __iter__(self) -> Iterator[policy.Policy]: + for page in self.pages: + yield from page.policies + + def __repr__(self) -> str: + return "{0}<{1!r}>".format(self.__class__.__name__, self._response) + + +class ListPoliciesAsyncPager: + """A pager for iterating through ``list_policies`` requests. + + This class thinly wraps an initial + :class:`google.cloud.iam_v2.types.ListPoliciesResponse` object, and + provides an ``__aiter__`` method to iterate through its + ``policies`` field. + + If there are more pages, the ``__aiter__`` method will make additional + ``ListPolicies`` requests and continue to iterate + through the ``policies`` field on the + corresponding responses. + + All the usual :class:`google.cloud.iam_v2.types.ListPoliciesResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + + def __init__( + self, + method: Callable[..., Awaitable[policy.ListPoliciesResponse]], + request: policy.ListPoliciesRequest, + response: policy.ListPoliciesResponse, + *, + metadata: Sequence[Tuple[str, str]] = () + ): + """Instantiates the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (google.cloud.iam_v2.types.ListPoliciesRequest): + The initial request object. + response (google.cloud.iam_v2.types.ListPoliciesResponse): + The initial response object. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + self._method = method + self._request = policy.ListPoliciesRequest(request) + self._response = response + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + async def pages(self) -> AsyncIterator[policy.ListPoliciesResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = await self._method(self._request, metadata=self._metadata) + yield self._response + + def __aiter__(self) -> AsyncIterator[policy.Policy]: + async def async_generator(): + async for page in self.pages: + for response in page.policies: + yield response + + return async_generator() + + def __repr__(self) -> str: + return "{0}<{1!r}>".format(self.__class__.__name__, self._response) diff --git a/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/transports/__init__.py b/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/transports/__init__.py new file mode 100644 index 000000000000..1b3a90aa2e44 --- /dev/null +++ b/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/transports/__init__.py @@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +from typing import Dict, Type + +from .base import PoliciesTransport +from .grpc import PoliciesGrpcTransport +from .grpc_asyncio import PoliciesGrpcAsyncIOTransport + +# Compile a registry of transports. +_transport_registry = OrderedDict() # type: Dict[str, Type[PoliciesTransport]] +_transport_registry["grpc"] = PoliciesGrpcTransport +_transport_registry["grpc_asyncio"] = PoliciesGrpcAsyncIOTransport + +__all__ = ( + "PoliciesTransport", + "PoliciesGrpcTransport", + "PoliciesGrpcAsyncIOTransport", +) diff --git a/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/transports/base.py b/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/transports/base.py new file mode 100644 index 000000000000..f90a697c4786 --- /dev/null +++ b/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/transports/base.py @@ -0,0 +1,276 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import abc +from typing import Awaitable, Callable, Dict, Optional, Sequence, Union + +import google.api_core +from google.api_core import exceptions as core_exceptions +from google.api_core import gapic_v1, operations_v1 +from google.api_core import retry as retries +import google.auth # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.longrunning import operations_pb2 # type: ignore +from google.oauth2 import service_account # type: ignore +import pkg_resources + +from google.cloud.iam_v2.types import policy +from google.cloud.iam_v2.types import policy as gi_policy + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + "google-cloud-iam", + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + + +class PoliciesTransport(abc.ABC): + """Abstract transport class for Policies.""" + + AUTH_SCOPES = ("https://www.googleapis.com/auth/cloud-platform",) + + DEFAULT_HOST: str = "iam.googleapis.com" + + def __init__( + self, + *, + host: str = DEFAULT_HOST, + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, + **kwargs, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is mutually exclusive with credentials. + scopes (Optional[Sequence[str]]): A list of scopes. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + """ + + scopes_kwargs = {"scopes": scopes, "default_scopes": self.AUTH_SCOPES} + + # Save the scopes. + self._scopes = scopes + + # If no credentials are provided, then determine the appropriate + # defaults. + if credentials and credentials_file: + raise core_exceptions.DuplicateCredentialArgs( + "'credentials_file' and 'credentials' are mutually exclusive" + ) + + if credentials_file is not None: + credentials, _ = google.auth.load_credentials_from_file( + credentials_file, **scopes_kwargs, quota_project_id=quota_project_id + ) + elif credentials is None: + credentials, _ = google.auth.default( + **scopes_kwargs, quota_project_id=quota_project_id + ) + # Don't apply audience if the credentials file passed from user. + if hasattr(credentials, "with_gdch_audience"): + credentials = credentials.with_gdch_audience( + api_audience if api_audience else host + ) + + # If the credentials are service account credentials, then always try to use self signed JWT. + if ( + always_use_jwt_access + and isinstance(credentials, service_account.Credentials) + and hasattr(service_account.Credentials, "with_always_use_jwt_access") + ): + credentials = credentials.with_always_use_jwt_access(True) + + # Save the credentials. + self._credentials = credentials + + # Save the hostname. Default to port 443 (HTTPS) if none is specified. + if ":" not in host: + host += ":443" + self._host = host + + def _prep_wrapped_messages(self, client_info): + # Precompute the wrapped methods. + self._wrapped_methods = { + self.list_policies: gapic_v1.method.wrap_method( + self.list_policies, + default_retry=retries.Retry( + initial=1.0, + maximum=10.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.ServiceUnavailable, + ), + deadline=60.0, + ), + default_timeout=60.0, + client_info=client_info, + ), + self.get_policy: gapic_v1.method.wrap_method( + self.get_policy, + default_retry=retries.Retry( + initial=1.0, + maximum=10.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.ServiceUnavailable, + ), + deadline=60.0, + ), + default_timeout=60.0, + client_info=client_info, + ), + self.create_policy: gapic_v1.method.wrap_method( + self.create_policy, + default_retry=retries.Retry( + initial=1.0, + maximum=10.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.ServiceUnavailable, + ), + deadline=60.0, + ), + default_timeout=60.0, + client_info=client_info, + ), + self.update_policy: gapic_v1.method.wrap_method( + self.update_policy, + default_retry=retries.Retry( + initial=1.0, + maximum=10.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.ServiceUnavailable, + ), + deadline=60.0, + ), + default_timeout=60.0, + client_info=client_info, + ), + self.delete_policy: gapic_v1.method.wrap_method( + self.delete_policy, + default_retry=retries.Retry( + initial=1.0, + maximum=10.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.ServiceUnavailable, + ), + deadline=60.0, + ), + default_timeout=60.0, + client_info=client_info, + ), + } + + def close(self): + """Closes resources associated with the transport. + + .. warning:: + Only call this method if the transport is NOT shared + with other clients - this may cause errors in other clients! + """ + raise NotImplementedError() + + @property + def operations_client(self): + """Return the client designed to process long-running operations.""" + raise NotImplementedError() + + @property + def list_policies( + self, + ) -> Callable[ + [policy.ListPoliciesRequest], + Union[policy.ListPoliciesResponse, Awaitable[policy.ListPoliciesResponse]], + ]: + raise NotImplementedError() + + @property + def get_policy( + self, + ) -> Callable[ + [policy.GetPolicyRequest], Union[policy.Policy, Awaitable[policy.Policy]] + ]: + raise NotImplementedError() + + @property + def create_policy( + self, + ) -> Callable[ + [gi_policy.CreatePolicyRequest], + Union[operations_pb2.Operation, Awaitable[operations_pb2.Operation]], + ]: + raise NotImplementedError() + + @property + def update_policy( + self, + ) -> Callable[ + [policy.UpdatePolicyRequest], + Union[operations_pb2.Operation, Awaitable[operations_pb2.Operation]], + ]: + raise NotImplementedError() + + @property + def delete_policy( + self, + ) -> Callable[ + [policy.DeletePolicyRequest], + Union[operations_pb2.Operation, Awaitable[operations_pb2.Operation]], + ]: + raise NotImplementedError() + + @property + def get_operation( + self, + ) -> Callable[ + [operations_pb2.GetOperationRequest], + Union[operations_pb2.Operation, Awaitable[operations_pb2.Operation]], + ]: + raise NotImplementedError() + + @property + def kind(self) -> str: + raise NotImplementedError() + + +__all__ = ("PoliciesTransport",) diff --git a/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/transports/grpc.py b/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/transports/grpc.py new file mode 100644 index 000000000000..f09c3451f4df --- /dev/null +++ b/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/transports/grpc.py @@ -0,0 +1,418 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from typing import Callable, Dict, Optional, Sequence, Tuple, Union +import warnings + +from google.api_core import gapic_v1, grpc_helpers, operations_v1 +import google.auth # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +from google.longrunning import operations_pb2 # type: ignore +import grpc # type: ignore + +from google.cloud.iam_v2.types import policy +from google.cloud.iam_v2.types import policy as gi_policy + +from .base import DEFAULT_CLIENT_INFO, PoliciesTransport + + +class PoliciesGrpcTransport(PoliciesTransport): + """gRPC backend transport for Policies. + + An interface for managing Identity and Access Management + (IAM) policies. + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends protocol buffers over the wire using gRPC (which is built on + top of HTTP/2); the ``grpcio`` package must be installed. + """ + + _stubs: Dict[str, Callable] + + def __init__( + self, + *, + host: str = "iam.googleapis.com", + credentials: ga_credentials.Credentials = None, + credentials_file: str = None, + scopes: Sequence[str] = None, + channel: grpc.Channel = None, + api_mtls_endpoint: str = None, + client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, + ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + This argument is ignored if ``channel`` is provided. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional(Sequence[str])): A list of scopes. This argument is + ignored if ``channel`` is provided. + channel (Optional[grpc.Channel]): A ``Channel`` instance through + which to make calls. + api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. + If provided, it overrides the ``host`` argument and tries to create + a mutual TLS channel with client SSL credentials from + ``client_cert_source`` or application default SSL credentials. + client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): + Deprecated. A callback to provide client SSL certificate bytes and + private key bytes, both in PEM format. It is ignored if + ``api_mtls_endpoint`` is None. + ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials + for the grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure a mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport + creation failed for any reason. + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + self._grpc_channel = None + self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + self._operations_client: Optional[operations_v1.OperationsClient] = None + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) + + if channel: + # Ignore credentials if a channel was passed. + credentials = False + # If a channel was explicitly provided, set it. + self._grpc_channel = channel + self._ssl_channel_credentials = None + + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials + + else: + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, + ) + + if not self._grpc_channel: + self._grpc_channel = type(self).create_channel( + self._host, + # use the credentials which are saved + credentials=self._credentials, + # Set ``credentials_file`` to ``None`` here as + # the credentials that we saved earlier should be used. + credentials_file=None, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, + quota_project_id=quota_project_id, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) + + @classmethod + def create_channel( + cls, + host: str = "iam.googleapis.com", + credentials: ga_credentials.Credentials = None, + credentials_file: str = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + **kwargs, + ) -> grpc.Channel: + """Create and return a gRPC channel object. + Args: + host (Optional[str]): The host for the channel to use. + credentials (Optional[~.Credentials]): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If + none are specified, the client will attempt to ascertain + the credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is mutually exclusive with credentials. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + kwargs (Optional[dict]): Keyword arguments, which are passed to the + channel creation. + Returns: + grpc.Channel: A gRPC channel object. + + Raises: + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + + return grpc_helpers.create_channel( + host, + credentials=credentials, + credentials_file=credentials_file, + quota_project_id=quota_project_id, + default_scopes=cls.AUTH_SCOPES, + scopes=scopes, + default_host=cls.DEFAULT_HOST, + **kwargs, + ) + + @property + def grpc_channel(self) -> grpc.Channel: + """Return the channel designed to connect to this service.""" + return self._grpc_channel + + @property + def operations_client(self) -> operations_v1.OperationsClient: + """Create the client designed to process long-running operations. + + This property caches on the instance; repeated calls return the same + client. + """ + # Quick check: Only create a new client if we do not already have one. + if self._operations_client is None: + self._operations_client = operations_v1.OperationsClient(self.grpc_channel) + + # Return the client from cache. + return self._operations_client + + @property + def list_policies( + self, + ) -> Callable[[policy.ListPoliciesRequest], policy.ListPoliciesResponse]: + r"""Return a callable for the list policies method over gRPC. + + Retrieves the policies of the specified kind that are + attached to a resource. + + The response lists only policy metadata. In particular, + policy rules are omitted. + + Returns: + Callable[[~.ListPoliciesRequest], + ~.ListPoliciesResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "list_policies" not in self._stubs: + self._stubs["list_policies"] = self.grpc_channel.unary_unary( + "/google.iam.v2.Policies/ListPolicies", + request_serializer=policy.ListPoliciesRequest.serialize, + response_deserializer=policy.ListPoliciesResponse.deserialize, + ) + return self._stubs["list_policies"] + + @property + def get_policy(self) -> Callable[[policy.GetPolicyRequest], policy.Policy]: + r"""Return a callable for the get policy method over gRPC. + + Gets a policy. + + Returns: + Callable[[~.GetPolicyRequest], + ~.Policy]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_policy" not in self._stubs: + self._stubs["get_policy"] = self.grpc_channel.unary_unary( + "/google.iam.v2.Policies/GetPolicy", + request_serializer=policy.GetPolicyRequest.serialize, + response_deserializer=policy.Policy.deserialize, + ) + return self._stubs["get_policy"] + + @property + def create_policy( + self, + ) -> Callable[[gi_policy.CreatePolicyRequest], operations_pb2.Operation]: + r"""Return a callable for the create policy method over gRPC. + + Creates a policy. + + Returns: + Callable[[~.CreatePolicyRequest], + ~.Operation]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "create_policy" not in self._stubs: + self._stubs["create_policy"] = self.grpc_channel.unary_unary( + "/google.iam.v2.Policies/CreatePolicy", + request_serializer=gi_policy.CreatePolicyRequest.serialize, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs["create_policy"] + + @property + def update_policy( + self, + ) -> Callable[[policy.UpdatePolicyRequest], operations_pb2.Operation]: + r"""Return a callable for the update policy method over gRPC. + + Updates the specified policy. + + You can update only the rules and the display name for the + policy. + + To update a policy, you should use a read-modify-write loop: + + 1. Use [GetPolicy][google.iam.v2.Policies.GetPolicy] to read the + current version of the policy. + 2. Modify the policy as needed. + 3. Use ``UpdatePolicy`` to write the updated policy. + + This pattern helps prevent conflicts between concurrent updates. + + Returns: + Callable[[~.UpdatePolicyRequest], + ~.Operation]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "update_policy" not in self._stubs: + self._stubs["update_policy"] = self.grpc_channel.unary_unary( + "/google.iam.v2.Policies/UpdatePolicy", + request_serializer=policy.UpdatePolicyRequest.serialize, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs["update_policy"] + + @property + def delete_policy( + self, + ) -> Callable[[policy.DeletePolicyRequest], operations_pb2.Operation]: + r"""Return a callable for the delete policy method over gRPC. + + Deletes a policy. This action is permanent. + + Returns: + Callable[[~.DeletePolicyRequest], + ~.Operation]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "delete_policy" not in self._stubs: + self._stubs["delete_policy"] = self.grpc_channel.unary_unary( + "/google.iam.v2.Policies/DeletePolicy", + request_serializer=policy.DeletePolicyRequest.serialize, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs["delete_policy"] + + def close(self): + self.grpc_channel.close() + + @property + def get_operation( + self, + ) -> Callable[[operations_pb2.GetOperationRequest], operations_pb2.Operation]: + r"""Return a callable for the get_operation method over gRPC.""" + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_operation" not in self._stubs: + self._stubs["get_operation"] = self.grpc_channel.unary_unary( + "/google.longrunning.Operations/GetOperation", + request_serializer=operations_pb2.GetOperationRequest.SerializeToString, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs["get_operation"] + + @property + def kind(self) -> str: + return "grpc" + + +__all__ = ("PoliciesGrpcTransport",) diff --git a/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/transports/grpc_asyncio.py b/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/transports/grpc_asyncio.py new file mode 100644 index 000000000000..12615315476c --- /dev/null +++ b/packages/google-cloud-iam/google/cloud/iam_v2/services/policies/transports/grpc_asyncio.py @@ -0,0 +1,421 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union +import warnings + +from google.api_core import gapic_v1, grpc_helpers_async, operations_v1 +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +from google.longrunning import operations_pb2 # type: ignore +import grpc # type: ignore +from grpc.experimental import aio # type: ignore + +from google.cloud.iam_v2.types import policy +from google.cloud.iam_v2.types import policy as gi_policy + +from .base import DEFAULT_CLIENT_INFO, PoliciesTransport +from .grpc import PoliciesGrpcTransport + + +class PoliciesGrpcAsyncIOTransport(PoliciesTransport): + """gRPC AsyncIO backend transport for Policies. + + An interface for managing Identity and Access Management + (IAM) policies. + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends protocol buffers over the wire using gRPC (which is built on + top of HTTP/2); the ``grpcio`` package must be installed. + """ + + _grpc_channel: aio.Channel + _stubs: Dict[str, Callable] = {} + + @classmethod + def create_channel( + cls, + host: str = "iam.googleapis.com", + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + **kwargs, + ) -> aio.Channel: + """Create and return a gRPC AsyncIO channel object. + Args: + host (Optional[str]): The host for the channel to use. + credentials (Optional[~.Credentials]): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If + none are specified, the client will attempt to ascertain + the credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + kwargs (Optional[dict]): Keyword arguments, which are passed to the + channel creation. + Returns: + aio.Channel: A gRPC AsyncIO channel object. + """ + + return grpc_helpers_async.create_channel( + host, + credentials=credentials, + credentials_file=credentials_file, + quota_project_id=quota_project_id, + default_scopes=cls.AUTH_SCOPES, + scopes=scopes, + default_host=cls.DEFAULT_HOST, + **kwargs, + ) + + def __init__( + self, + *, + host: str = "iam.googleapis.com", + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + channel: aio.Channel = None, + api_mtls_endpoint: str = None, + client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, + ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, + quota_project_id=None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + This argument is ignored if ``channel`` is provided. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + channel (Optional[aio.Channel]): A ``Channel`` instance through + which to make calls. + api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. + If provided, it overrides the ``host`` argument and tries to create + a mutual TLS channel with client SSL credentials from + ``client_cert_source`` or application default SSL credentials. + client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): + Deprecated. A callback to provide client SSL certificate bytes and + private key bytes, both in PEM format. It is ignored if + ``api_mtls_endpoint`` is None. + ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials + for the grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure a mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + + Raises: + google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport + creation failed for any reason. + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + self._grpc_channel = None + self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + self._operations_client: Optional[operations_v1.OperationsAsyncClient] = None + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) + + if channel: + # Ignore credentials if a channel was passed. + credentials = False + # If a channel was explicitly provided, set it. + self._grpc_channel = channel + self._ssl_channel_credentials = None + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials + + else: + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, + ) + + if not self._grpc_channel: + self._grpc_channel = type(self).create_channel( + self._host, + # use the credentials which are saved + credentials=self._credentials, + # Set ``credentials_file`` to ``None`` here as + # the credentials that we saved earlier should be used. + credentials_file=None, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, + quota_project_id=quota_project_id, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) + + @property + def grpc_channel(self) -> aio.Channel: + """Create the channel designed to connect to this service. + + This property caches on the instance; repeated calls return + the same channel. + """ + # Return the channel from cache. + return self._grpc_channel + + @property + def operations_client(self) -> operations_v1.OperationsAsyncClient: + """Create the client designed to process long-running operations. + + This property caches on the instance; repeated calls return the same + client. + """ + # Quick check: Only create a new client if we do not already have one. + if self._operations_client is None: + self._operations_client = operations_v1.OperationsAsyncClient( + self.grpc_channel + ) + + # Return the client from cache. + return self._operations_client + + @property + def list_policies( + self, + ) -> Callable[[policy.ListPoliciesRequest], Awaitable[policy.ListPoliciesResponse]]: + r"""Return a callable for the list policies method over gRPC. + + Retrieves the policies of the specified kind that are + attached to a resource. + + The response lists only policy metadata. In particular, + policy rules are omitted. + + Returns: + Callable[[~.ListPoliciesRequest], + Awaitable[~.ListPoliciesResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "list_policies" not in self._stubs: + self._stubs["list_policies"] = self.grpc_channel.unary_unary( + "/google.iam.v2.Policies/ListPolicies", + request_serializer=policy.ListPoliciesRequest.serialize, + response_deserializer=policy.ListPoliciesResponse.deserialize, + ) + return self._stubs["list_policies"] + + @property + def get_policy( + self, + ) -> Callable[[policy.GetPolicyRequest], Awaitable[policy.Policy]]: + r"""Return a callable for the get policy method over gRPC. + + Gets a policy. + + Returns: + Callable[[~.GetPolicyRequest], + Awaitable[~.Policy]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_policy" not in self._stubs: + self._stubs["get_policy"] = self.grpc_channel.unary_unary( + "/google.iam.v2.Policies/GetPolicy", + request_serializer=policy.GetPolicyRequest.serialize, + response_deserializer=policy.Policy.deserialize, + ) + return self._stubs["get_policy"] + + @property + def create_policy( + self, + ) -> Callable[[gi_policy.CreatePolicyRequest], Awaitable[operations_pb2.Operation]]: + r"""Return a callable for the create policy method over gRPC. + + Creates a policy. + + Returns: + Callable[[~.CreatePolicyRequest], + Awaitable[~.Operation]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "create_policy" not in self._stubs: + self._stubs["create_policy"] = self.grpc_channel.unary_unary( + "/google.iam.v2.Policies/CreatePolicy", + request_serializer=gi_policy.CreatePolicyRequest.serialize, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs["create_policy"] + + @property + def update_policy( + self, + ) -> Callable[[policy.UpdatePolicyRequest], Awaitable[operations_pb2.Operation]]: + r"""Return a callable for the update policy method over gRPC. + + Updates the specified policy. + + You can update only the rules and the display name for the + policy. + + To update a policy, you should use a read-modify-write loop: + + 1. Use [GetPolicy][google.iam.v2.Policies.GetPolicy] to read the + current version of the policy. + 2. Modify the policy as needed. + 3. Use ``UpdatePolicy`` to write the updated policy. + + This pattern helps prevent conflicts between concurrent updates. + + Returns: + Callable[[~.UpdatePolicyRequest], + Awaitable[~.Operation]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "update_policy" not in self._stubs: + self._stubs["update_policy"] = self.grpc_channel.unary_unary( + "/google.iam.v2.Policies/UpdatePolicy", + request_serializer=policy.UpdatePolicyRequest.serialize, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs["update_policy"] + + @property + def delete_policy( + self, + ) -> Callable[[policy.DeletePolicyRequest], Awaitable[operations_pb2.Operation]]: + r"""Return a callable for the delete policy method over gRPC. + + Deletes a policy. This action is permanent. + + Returns: + Callable[[~.DeletePolicyRequest], + Awaitable[~.Operation]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "delete_policy" not in self._stubs: + self._stubs["delete_policy"] = self.grpc_channel.unary_unary( + "/google.iam.v2.Policies/DeletePolicy", + request_serializer=policy.DeletePolicyRequest.serialize, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs["delete_policy"] + + def close(self): + return self.grpc_channel.close() + + @property + def get_operation( + self, + ) -> Callable[[operations_pb2.GetOperationRequest], operations_pb2.Operation]: + r"""Return a callable for the get_operation method over gRPC.""" + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_operation" not in self._stubs: + self._stubs["get_operation"] = self.grpc_channel.unary_unary( + "/google.longrunning.Operations/GetOperation", + request_serializer=operations_pb2.GetOperationRequest.SerializeToString, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs["get_operation"] + + +__all__ = ("PoliciesGrpcAsyncIOTransport",) diff --git a/packages/google-cloud-iam/google/cloud/iam_v2/types/__init__.py b/packages/google-cloud-iam/google/cloud/iam_v2/types/__init__.py new file mode 100644 index 000000000000..237009d555da --- /dev/null +++ b/packages/google-cloud-iam/google/cloud/iam_v2/types/__init__.py @@ -0,0 +1,40 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from .deny import DenyRule +from .policy import ( + CreatePolicyRequest, + DeletePolicyRequest, + GetPolicyRequest, + ListPoliciesRequest, + ListPoliciesResponse, + Policy, + PolicyOperationMetadata, + PolicyRule, + UpdatePolicyRequest, +) + +__all__ = ( + "DenyRule", + "CreatePolicyRequest", + "DeletePolicyRequest", + "GetPolicyRequest", + "ListPoliciesRequest", + "ListPoliciesResponse", + "Policy", + "PolicyOperationMetadata", + "PolicyRule", + "UpdatePolicyRequest", +) diff --git a/packages/google-cloud-iam/google/cloud/iam_v2/types/deny.py b/packages/google-cloud-iam/google/cloud/iam_v2/types/deny.py new file mode 100644 index 000000000000..a3dd76c58659 --- /dev/null +++ b/packages/google-cloud-iam/google/cloud/iam_v2/types/deny.py @@ -0,0 +1,141 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from google.type import expr_pb2 # type: ignore +import proto # type: ignore + +__protobuf__ = proto.module( + package="google.iam.v2", + manifest={ + "DenyRule", + }, +) + + +class DenyRule(proto.Message): + r"""A deny rule in an IAM deny policy. + + Attributes: + denied_principals (Sequence[str]): + The identities that are prevented from using one or more + permissions on Google Cloud resources. This field can + contain the following values: + + - ``principalSet://goog/public:all``: A special identifier + that represents any principal that is on the internet, + even if they do not have a Google Account or are not + logged in. + + - ``principal://goog/subject/{email_id}``: A specific + Google Account. Includes Gmail, Cloud Identity, and + Google Workspace user accounts. For example, + ``principal://goog/subject/alice@example.com``. + + - ``deleted:principal://goog/subject/{email_id}?uid={uid}``: + A specific Google Account that was deleted recently. For + example, + ``deleted:principal://goog/subject/alice@example.com?uid=1234567890``. + If the Google Account is recovered, this identifier + reverts to the standard identifier for a Google Account. + + - ``principalSet://goog/group/{group_id}``: A Google group. + For example, + ``principalSet://goog/group/admins@example.com``. + + - ``deleted:principalSet://goog/group/{group_id}?uid={uid}``: + A Google group that was deleted recently. For example, + ``deleted:principalSet://goog/group/admins@example.com?uid=1234567890``. + If the Google group is restored, this identifier reverts + to the standard identifier for a Google group. + + - ``principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}``: + A Google Cloud service account. For example, + ``principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com``. + + - ``deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}``: + A Google Cloud service account that was deleted recently. + For example, + ``deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890``. + If the service account is undeleted, this identifier + reverts to the standard identifier for a service account. + + - ``principalSet://goog/cloudIdentityCustomerId/{customer_id}``: + All of the principals associated with the specified + Google Workspace or Cloud Identity customer ID. For + example, + ``principalSet://goog/cloudIdentityCustomerId/C01Abc35``. + exception_principals (Sequence[str]): + The identities that are excluded from the deny rule, even if + they are listed in the ``denied_principals``. For example, + you could add a Google group to the ``denied_principals``, + then exclude specific users who belong to that group. + + This field can contain the same values as the + ``denied_principals`` field, excluding + ``principalSet://goog/public:all``, which represents all + users on the internet. + denied_permissions (Sequence[str]): + The permissions that are explicitly denied by this rule. + Each permission uses the format + ``{service_fqdn}/{resource}.{verb}``, where + ``{service_fqdn}`` is the fully qualified domain name for + the service. For example, ``iam.googleapis.com/roles.list``. + exception_permissions (Sequence[str]): + Specifies the permissions that this rule excludes from the + set of denied permissions given by ``denied_permissions``. + If a permission appears in ``denied_permissions`` *and* in + ``exception_permissions`` then it will *not* be denied. + + The excluded permissions can be specified using the same + syntax as ``denied_permissions``. + denial_condition (google.type.expr_pb2.Expr): + The condition that determines whether this deny rule applies + to a request. If the condition expression evaluates to + ``true``, then the deny rule is applied; otherwise, the deny + rule is not applied. + + Each deny rule is evaluated independently. If this deny rule + does not apply to a request, other deny rules might still + apply. + + The condition can use CEL functions that evaluate `resource + tags `__. + Other functions and operators are not supported. + """ + + denied_principals = proto.RepeatedField( + proto.STRING, + number=1, + ) + exception_principals = proto.RepeatedField( + proto.STRING, + number=2, + ) + denied_permissions = proto.RepeatedField( + proto.STRING, + number=3, + ) + exception_permissions = proto.RepeatedField( + proto.STRING, + number=4, + ) + denial_condition = proto.Field( + proto.MESSAGE, + number=5, + message=expr_pb2.Expr, + ) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-iam/google/cloud/iam_v2/types/policy.py b/packages/google-cloud-iam/google/cloud/iam_v2/types/policy.py new file mode 100644 index 000000000000..d2b8165e7121 --- /dev/null +++ b/packages/google-cloud-iam/google/cloud/iam_v2/types/policy.py @@ -0,0 +1,379 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from google.protobuf import timestamp_pb2 # type: ignore +import proto # type: ignore + +from google.cloud.iam_v2.types import deny + +__protobuf__ = proto.module( + package="google.iam.v2", + manifest={ + "Policy", + "PolicyRule", + "ListPoliciesRequest", + "ListPoliciesResponse", + "GetPolicyRequest", + "CreatePolicyRequest", + "UpdatePolicyRequest", + "DeletePolicyRequest", + "PolicyOperationMetadata", + }, +) + + +class Policy(proto.Message): + r"""Data for an IAM policy. + + Attributes: + name (str): + Immutable. The resource name of the ``Policy``, which must + be unique. Format: + ``policies/{attachment_point}/denypolicies/{policy_id}`` + + The attachment point is identified by its URL-encoded full + resource name, which means that the forward-slash character, + ``/``, must be written as ``%2F``. For example, + ``policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy``. + + For organizations and folders, use the numeric ID in the + full resource name. For projects, requests can use the + alphanumeric or the numeric ID. Responses always contain the + numeric ID. + uid (str): + Immutable. The globally unique ID of the ``Policy``. + Assigned automatically when the ``Policy`` is created. + kind (str): + Output only. The kind of the ``Policy``. Always contains the + value ``DenyPolicy``. + display_name (str): + A user-specified description of the ``Policy``. This value + can be up to 63 characters. + annotations (Mapping[str, str]): + A key-value map to store arbitrary metadata for the + ``Policy``. Keys can be up to 63 characters. Values can be + up to 255 characters. + etag (str): + An opaque tag that identifies the current version of the + ``Policy``. IAM uses this value to help manage concurrent + updates, so they do not cause one update to be overwritten + by another. + + If this field is present in a [CreatePolicy][] request, the + value is ignored. + create_time (google.protobuf.timestamp_pb2.Timestamp): + Output only. The time when the ``Policy`` was created. + update_time (google.protobuf.timestamp_pb2.Timestamp): + Output only. The time when the ``Policy`` was last updated. + delete_time (google.protobuf.timestamp_pb2.Timestamp): + Output only. The time when the ``Policy`` was deleted. Empty + if the policy is not deleted. + rules (Sequence[google.cloud.iam_v2.types.PolicyRule]): + A list of rules that specify the behavior of the ``Policy``. + All of the rules should be of the ``kind`` specified in the + ``Policy``. + managing_authority (str): + Immutable. Specifies that this policy is + managed by an authority and can only be modified + by that authority. Usage is restricted. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + uid = proto.Field( + proto.STRING, + number=2, + ) + kind = proto.Field( + proto.STRING, + number=3, + ) + display_name = proto.Field( + proto.STRING, + number=4, + ) + annotations = proto.MapField( + proto.STRING, + proto.STRING, + number=5, + ) + etag = proto.Field( + proto.STRING, + number=6, + ) + create_time = proto.Field( + proto.MESSAGE, + number=7, + message=timestamp_pb2.Timestamp, + ) + update_time = proto.Field( + proto.MESSAGE, + number=8, + message=timestamp_pb2.Timestamp, + ) + delete_time = proto.Field( + proto.MESSAGE, + number=9, + message=timestamp_pb2.Timestamp, + ) + rules = proto.RepeatedField( + proto.MESSAGE, + number=10, + message="PolicyRule", + ) + managing_authority = proto.Field( + proto.STRING, + number=11, + ) + + +class PolicyRule(proto.Message): + r"""A single rule in a ``Policy``. + + .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields + + Attributes: + deny_rule (google.cloud.iam_v2.types.DenyRule): + A rule for a deny policy. + + This field is a member of `oneof`_ ``kind``. + description (str): + A user-specified description of the rule. + This value can be up to 256 characters. + """ + + deny_rule = proto.Field( + proto.MESSAGE, + number=2, + oneof="kind", + message=deny.DenyRule, + ) + description = proto.Field( + proto.STRING, + number=1, + ) + + +class ListPoliciesRequest(proto.Message): + r"""Request message for ``ListPolicies``. + + Attributes: + parent (str): + Required. The resource that the policy is attached to, along + with the kind of policy to list. Format: + ``policies/{attachment_point}/denypolicies`` + + The attachment point is identified by its URL-encoded full + resource name, which means that the forward-slash character, + ``/``, must be written as ``%2F``. For example, + ``policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies``. + + For organizations and folders, use the numeric ID in the + full resource name. For projects, you can use the + alphanumeric or the numeric ID. + page_size (int): + The maximum number of policies to return. IAM + ignores this value and uses the value 1000. + page_token (str): + A page token received in a + [ListPoliciesResponse][google.iam.v2.ListPoliciesResponse]. + Provide this token to retrieve the next page. + """ + + parent = proto.Field( + proto.STRING, + number=1, + ) + page_size = proto.Field( + proto.INT32, + number=2, + ) + page_token = proto.Field( + proto.STRING, + number=3, + ) + + +class ListPoliciesResponse(proto.Message): + r"""Response message for ``ListPolicies``. + + Attributes: + policies (Sequence[google.cloud.iam_v2.types.Policy]): + Metadata for the policies that are attached + to the resource. + next_page_token (str): + A page token that you can use in a + [ListPoliciesRequest][google.iam.v2.ListPoliciesRequest] to + retrieve the next page. If this field is omitted, there are + no additional pages. + """ + + @property + def raw_page(self): + return self + + policies = proto.RepeatedField( + proto.MESSAGE, + number=1, + message="Policy", + ) + next_page_token = proto.Field( + proto.STRING, + number=2, + ) + + +class GetPolicyRequest(proto.Message): + r"""Request message for ``GetPolicy``. + + Attributes: + name (str): + Required. The resource name of the policy to retrieve. + Format: + ``policies/{attachment_point}/denypolicies/{policy_id}`` + + Use the URL-encoded full resource name, which means that the + forward-slash character, ``/``, must be written as ``%2F``. + For example, + ``policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy``. + + For organizations and folders, use the numeric ID in the + full resource name. For projects, you can use the + alphanumeric or the numeric ID. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + + +class CreatePolicyRequest(proto.Message): + r"""Request message for ``CreatePolicy``. + + Attributes: + parent (str): + Required. The resource that the policy is attached to, along + with the kind of policy to create. Format: + ``policies/{attachment_point}/denypolicies`` + + The attachment point is identified by its URL-encoded full + resource name, which means that the forward-slash character, + ``/``, must be written as ``%2F``. For example, + ``policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies``. + + For organizations and folders, use the numeric ID in the + full resource name. For projects, you can use the + alphanumeric or the numeric ID. + policy (google.cloud.iam_v2.types.Policy): + Required. The policy to create. + policy_id (str): + The ID to use for this policy, which will become the final + component of the policy's resource name. The ID must contain + 3 to 63 characters. It can contain lowercase letters and + numbers, as well as dashes (``-``) and periods (``.``). The + first character must be a lowercase letter. + """ + + parent = proto.Field( + proto.STRING, + number=1, + ) + policy = proto.Field( + proto.MESSAGE, + number=2, + message="Policy", + ) + policy_id = proto.Field( + proto.STRING, + number=3, + ) + + +class UpdatePolicyRequest(proto.Message): + r"""Request message for ``UpdatePolicy``. + + Attributes: + policy (google.cloud.iam_v2.types.Policy): + Required. The policy to update. + + To prevent conflicting updates, the ``etag`` value must + match the value that is stored in IAM. If the ``etag`` + values do not match, the request fails with a ``409`` error + code and ``ABORTED`` status. + """ + + policy = proto.Field( + proto.MESSAGE, + number=1, + message="Policy", + ) + + +class DeletePolicyRequest(proto.Message): + r"""Request message for ``DeletePolicy``. + + Attributes: + name (str): + Required. The resource name of the policy to delete. Format: + ``policies/{attachment_point}/denypolicies/{policy_id}`` + + Use the URL-encoded full resource name, which means that the + forward-slash character, ``/``, must be written as ``%2F``. + For example, + ``policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy``. + + For organizations and folders, use the numeric ID in the + full resource name. For projects, you can use the + alphanumeric or the numeric ID. + etag (str): + Optional. The expected ``etag`` of the policy to delete. If + the value does not match the value that is stored in IAM, + the request fails with a ``409`` error code and ``ABORTED`` + status. + + If you omit this field, the policy is deleted regardless of + its current ``etag``. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + etag = proto.Field( + proto.STRING, + number=2, + ) + + +class PolicyOperationMetadata(proto.Message): + r"""Metadata for long-running ``Policy`` operations. + + Attributes: + create_time (google.protobuf.timestamp_pb2.Timestamp): + Timestamp when the ``google.longrunning.Operation`` was + created. + """ + + create_time = proto.Field( + proto.MESSAGE, + number=1, + message=timestamp_pb2.Timestamp, + ) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-iam/google/cloud/iam_v2beta/services/policies/async_client.py b/packages/google-cloud-iam/google/cloud/iam_v2beta/services/policies/async_client.py index a56b005c9910..05237f967d39 100644 --- a/packages/google-cloud-iam/google/cloud/iam_v2beta/services/policies/async_client.py +++ b/packages/google-cloud-iam/google/cloud/iam_v2beta/services/policies/async_client.py @@ -218,6 +218,13 @@ async def list_policies( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta async def sample_list_policies(): @@ -344,6 +351,13 @@ async def get_policy( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta async def sample_get_policy(): @@ -457,6 +471,13 @@ async def create_policy( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta async def sample_create_policy(): @@ -617,6 +638,13 @@ async def update_policy( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta async def sample_update_policy(): @@ -715,6 +743,13 @@ async def delete_policy( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta async def sample_delete_policy(): diff --git a/packages/google-cloud-iam/google/cloud/iam_v2beta/services/policies/client.py b/packages/google-cloud-iam/google/cloud/iam_v2beta/services/policies/client.py index 430c477704e1..07f2d9dfb3d9 100644 --- a/packages/google-cloud-iam/google/cloud/iam_v2beta/services/policies/client.py +++ b/packages/google-cloud-iam/google/cloud/iam_v2beta/services/policies/client.py @@ -429,6 +429,13 @@ def list_policies( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta def sample_list_policies(): @@ -546,6 +553,13 @@ def get_policy( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta def sample_get_policy(): @@ -650,6 +664,13 @@ def create_policy( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta def sample_create_policy(): @@ -801,6 +822,13 @@ def update_policy( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta def sample_update_policy(): @@ -891,6 +919,13 @@ def delete_policy( .. code-block:: python + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta def sample_delete_policy(): diff --git a/packages/google-cloud-iam/mypy.ini b/packages/google-cloud-iam/mypy.ini index 4505b485436b..574c5aed394b 100644 --- a/packages/google-cloud-iam/mypy.ini +++ b/packages/google-cloud-iam/mypy.ini @@ -1,3 +1,3 @@ [mypy] -python_version = 3.6 +python_version = 3.7 namespace_packages = True diff --git a/packages/google-cloud-iam/owlbot.py b/packages/google-cloud-iam/owlbot.py index cd317c4ad2c6..cb9b5e9f71f9 100644 --- a/packages/google-cloud-iam/owlbot.py +++ b/packages/google-cloud-iam/owlbot.py @@ -62,9 +62,29 @@ def get_staging_dirs( # This library ships clients for two different APIs, # IAM and IAM credentials iam_credentials_default_version = "v1" -iam_default_version = "v2beta" +iam_default_version = "v2" for library in get_staging_dirs(iam_default_version, "iam"): + s.replace( + # workaround docstring formatting issues + library / "google/cloud/iam_v2/services/policies/*client.py", + """ + ``` + \{ + attachment_point: + 'cloudresourcemanager.googleapis.com%2Forganizations%2F212345678901' + filter: 'kind:denyPolicies' + \} + ```""", + """ + ``` + { + attachment_point: + 'cloudresourcemanager.googleapis.com%2Forganizations%2F212345678901' + filter: 'kind:denyPolicies' + } + ```""", + ) s.move([library], excludes=["setup.py", "README.rst", "docs/index.rst", "google/cloud/iam/**",]) for library in get_staging_dirs(iam_credentials_default_version, "iamcredentials"): @@ -74,7 +94,6 @@ def get_staging_dirs( templated_files = CommonTemplates().py_library( microgenerator=True, - versions=detect_versions(path="./google", default_first=True), ) s.move( [templated_files], excludes=[".coveragerc"] diff --git a/packages/google-cloud-iam/samples/__init__.py b/packages/google-cloud-iam/samples/__init__.py new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_create_policy_async.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_create_policy_async.py new file mode 100644 index 000000000000..8e9107e3f814 --- /dev/null +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_create_policy_async.py @@ -0,0 +1,56 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for CreatePolicy +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-iam + + +# [START iam_v2_generated_Policies_CreatePolicy_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import iam_v2 + + +async def sample_create_policy(): + # Create a client + client = iam_v2.PoliciesAsyncClient() + + # Initialize request argument(s) + request = iam_v2.CreatePolicyRequest( + parent="parent_value", + ) + + # Make the request + operation = client.create_policy(request=request) + + print("Waiting for operation to complete...") + + response = await operation.result() + + # Handle the response + print(response) + +# [END iam_v2_generated_Policies_CreatePolicy_async] diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_create_policy_sync.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_create_policy_sync.py new file mode 100644 index 000000000000..0afd0143a487 --- /dev/null +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_create_policy_sync.py @@ -0,0 +1,56 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for CreatePolicy +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-iam + + +# [START iam_v2_generated_Policies_CreatePolicy_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import iam_v2 + + +def sample_create_policy(): + # Create a client + client = iam_v2.PoliciesClient() + + # Initialize request argument(s) + request = iam_v2.CreatePolicyRequest( + parent="parent_value", + ) + + # Make the request + operation = client.create_policy(request=request) + + print("Waiting for operation to complete...") + + response = operation.result() + + # Handle the response + print(response) + +# [END iam_v2_generated_Policies_CreatePolicy_sync] diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_delete_policy_async.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_delete_policy_async.py new file mode 100644 index 000000000000..8169cd08b734 --- /dev/null +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_delete_policy_async.py @@ -0,0 +1,56 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for DeletePolicy +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-iam + + +# [START iam_v2_generated_Policies_DeletePolicy_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import iam_v2 + + +async def sample_delete_policy(): + # Create a client + client = iam_v2.PoliciesAsyncClient() + + # Initialize request argument(s) + request = iam_v2.DeletePolicyRequest( + name="name_value", + ) + + # Make the request + operation = client.delete_policy(request=request) + + print("Waiting for operation to complete...") + + response = await operation.result() + + # Handle the response + print(response) + +# [END iam_v2_generated_Policies_DeletePolicy_async] diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_delete_policy_sync.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_delete_policy_sync.py new file mode 100644 index 000000000000..dd7f7b16ccd2 --- /dev/null +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_delete_policy_sync.py @@ -0,0 +1,56 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for DeletePolicy +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-iam + + +# [START iam_v2_generated_Policies_DeletePolicy_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import iam_v2 + + +def sample_delete_policy(): + # Create a client + client = iam_v2.PoliciesClient() + + # Initialize request argument(s) + request = iam_v2.DeletePolicyRequest( + name="name_value", + ) + + # Make the request + operation = client.delete_policy(request=request) + + print("Waiting for operation to complete...") + + response = operation.result() + + # Handle the response + print(response) + +# [END iam_v2_generated_Policies_DeletePolicy_sync] diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_get_policy_async.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_get_policy_async.py new file mode 100644 index 000000000000..5e26a38ff0b8 --- /dev/null +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_get_policy_async.py @@ -0,0 +1,52 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for GetPolicy +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-iam + + +# [START iam_v2_generated_Policies_GetPolicy_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import iam_v2 + + +async def sample_get_policy(): + # Create a client + client = iam_v2.PoliciesAsyncClient() + + # Initialize request argument(s) + request = iam_v2.GetPolicyRequest( + name="name_value", + ) + + # Make the request + response = await client.get_policy(request=request) + + # Handle the response + print(response) + +# [END iam_v2_generated_Policies_GetPolicy_async] diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_get_policy_sync.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_get_policy_sync.py new file mode 100644 index 000000000000..70a3b1f03768 --- /dev/null +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_get_policy_sync.py @@ -0,0 +1,52 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for GetPolicy +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-iam + + +# [START iam_v2_generated_Policies_GetPolicy_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import iam_v2 + + +def sample_get_policy(): + # Create a client + client = iam_v2.PoliciesClient() + + # Initialize request argument(s) + request = iam_v2.GetPolicyRequest( + name="name_value", + ) + + # Make the request + response = client.get_policy(request=request) + + # Handle the response + print(response) + +# [END iam_v2_generated_Policies_GetPolicy_sync] diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_list_applicable_policies_async.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_list_applicable_policies_async.py new file mode 100644 index 000000000000..86e23a3b9114 --- /dev/null +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_list_applicable_policies_async.py @@ -0,0 +1,53 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for ListApplicablePolicies +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-iam + + +# [START iam_v2_generated_Policies_ListApplicablePolicies_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import iam_v2 + + +async def sample_list_applicable_policies(): + # Create a client + client = iam_v2.PoliciesAsyncClient() + + # Initialize request argument(s) + request = iam_v2.ListApplicablePoliciesRequest( + attachment_point="attachment_point_value", + ) + + # Make the request + page_result = client.list_applicable_policies(request=request) + + # Handle the response + async for response in page_result: + print(response) + +# [END iam_v2_generated_Policies_ListApplicablePolicies_async] diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_list_applicable_policies_sync.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_list_applicable_policies_sync.py new file mode 100644 index 000000000000..655f240ef993 --- /dev/null +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_list_applicable_policies_sync.py @@ -0,0 +1,53 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for ListApplicablePolicies +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-iam + + +# [START iam_v2_generated_Policies_ListApplicablePolicies_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import iam_v2 + + +def sample_list_applicable_policies(): + # Create a client + client = iam_v2.PoliciesClient() + + # Initialize request argument(s) + request = iam_v2.ListApplicablePoliciesRequest( + attachment_point="attachment_point_value", + ) + + # Make the request + page_result = client.list_applicable_policies(request=request) + + # Handle the response + for response in page_result: + print(response) + +# [END iam_v2_generated_Policies_ListApplicablePolicies_sync] diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_list_policies_async.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_list_policies_async.py new file mode 100644 index 000000000000..3651a33f6f5b --- /dev/null +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_list_policies_async.py @@ -0,0 +1,53 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for ListPolicies +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-iam + + +# [START iam_v2_generated_Policies_ListPolicies_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import iam_v2 + + +async def sample_list_policies(): + # Create a client + client = iam_v2.PoliciesAsyncClient() + + # Initialize request argument(s) + request = iam_v2.ListPoliciesRequest( + parent="parent_value", + ) + + # Make the request + page_result = client.list_policies(request=request) + + # Handle the response + async for response in page_result: + print(response) + +# [END iam_v2_generated_Policies_ListPolicies_async] diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_list_policies_sync.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_list_policies_sync.py new file mode 100644 index 000000000000..3bb0f66e270a --- /dev/null +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_list_policies_sync.py @@ -0,0 +1,53 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for ListPolicies +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-iam + + +# [START iam_v2_generated_Policies_ListPolicies_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import iam_v2 + + +def sample_list_policies(): + # Create a client + client = iam_v2.PoliciesClient() + + # Initialize request argument(s) + request = iam_v2.ListPoliciesRequest( + parent="parent_value", + ) + + # Make the request + page_result = client.list_policies(request=request) + + # Handle the response + for response in page_result: + print(response) + +# [END iam_v2_generated_Policies_ListPolicies_sync] diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_update_policy_async.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_update_policy_async.py new file mode 100644 index 000000000000..9f0c19f83c04 --- /dev/null +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_update_policy_async.py @@ -0,0 +1,55 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for UpdatePolicy +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-iam + + +# [START iam_v2_generated_Policies_UpdatePolicy_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import iam_v2 + + +async def sample_update_policy(): + # Create a client + client = iam_v2.PoliciesAsyncClient() + + # Initialize request argument(s) + request = iam_v2.UpdatePolicyRequest( + ) + + # Make the request + operation = client.update_policy(request=request) + + print("Waiting for operation to complete...") + + response = await operation.result() + + # Handle the response + print(response) + +# [END iam_v2_generated_Policies_UpdatePolicy_async] diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_update_policy_sync.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_update_policy_sync.py new file mode 100644 index 000000000000..d5797d387a7a --- /dev/null +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2_generated_policies_update_policy_sync.py @@ -0,0 +1,55 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for UpdatePolicy +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-iam + + +# [START iam_v2_generated_Policies_UpdatePolicy_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import iam_v2 + + +def sample_update_policy(): + # Create a client + client = iam_v2.PoliciesClient() + + # Initialize request argument(s) + request = iam_v2.UpdatePolicyRequest( + ) + + # Make the request + operation = client.update_policy(request=request) + + print("Waiting for operation to complete...") + + response = operation.result() + + # Handle the response + print(response) + +# [END iam_v2_generated_Policies_UpdatePolicy_sync] diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_create_policy_async.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_create_policy_async.py index 97095a71b102..e056ff6597b8 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_create_policy_async.py +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_create_policy_async.py @@ -24,6 +24,13 @@ # [START iam_v2beta_generated_Policies_CreatePolicy_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_create_policy_sync.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_create_policy_sync.py index 6ffde1eb89f8..9da27d959474 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_create_policy_sync.py +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_create_policy_sync.py @@ -24,6 +24,13 @@ # [START iam_v2beta_generated_Policies_CreatePolicy_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_delete_policy_async.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_delete_policy_async.py index 9a342db14416..76a05fa87f71 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_delete_policy_async.py +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_delete_policy_async.py @@ -24,6 +24,13 @@ # [START iam_v2beta_generated_Policies_DeletePolicy_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_delete_policy_sync.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_delete_policy_sync.py index d2754c4295cb..2654ce741f4e 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_delete_policy_sync.py +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_delete_policy_sync.py @@ -24,6 +24,13 @@ # [START iam_v2beta_generated_Policies_DeletePolicy_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_get_policy_async.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_get_policy_async.py index d3c6a35ed299..08bf54bc7d07 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_get_policy_async.py +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_get_policy_async.py @@ -24,6 +24,13 @@ # [START iam_v2beta_generated_Policies_GetPolicy_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_get_policy_sync.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_get_policy_sync.py index d6e7f86a1f65..91e746724f42 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_get_policy_sync.py +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_get_policy_sync.py @@ -24,6 +24,13 @@ # [START iam_v2beta_generated_Policies_GetPolicy_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_list_policies_async.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_list_policies_async.py index 54142db393f6..1d35774e733a 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_list_policies_async.py +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_list_policies_async.py @@ -24,6 +24,13 @@ # [START iam_v2beta_generated_Policies_ListPolicies_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_list_policies_sync.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_list_policies_sync.py index d26198c8a816..b9f37f94c8cf 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_list_policies_sync.py +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_list_policies_sync.py @@ -24,6 +24,13 @@ # [START iam_v2beta_generated_Policies_ListPolicies_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_update_policy_async.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_update_policy_async.py index 532b7319aeba..4e47477378fb 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_update_policy_async.py +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_update_policy_async.py @@ -24,6 +24,13 @@ # [START iam_v2beta_generated_Policies_UpdatePolicy_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta diff --git a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_update_policy_sync.py b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_update_policy_sync.py index bd4578604d8a..9fa4f9cd60fb 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_update_policy_sync.py +++ b/packages/google-cloud-iam/samples/generated_samples/iam_v2beta_generated_policies_update_policy_sync.py @@ -24,6 +24,13 @@ # [START iam_v2beta_generated_Policies_UpdatePolicy_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_v2beta diff --git a/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_generate_access_token_async.py b/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_generate_access_token_async.py index c684949cf7eb..f3fe8e166443 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_generate_access_token_async.py +++ b/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_generate_access_token_async.py @@ -24,6 +24,13 @@ # [START iamcredentials_v1_generated_IAMCredentials_GenerateAccessToken_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_credentials_v1 @@ -34,7 +41,7 @@ async def sample_generate_access_token(): # Initialize request argument(s) request = iam_credentials_v1.GenerateAccessTokenRequest( name="name_value", - scope=['scope_value_1', 'scope_value_2'], + scope=['scope_value1', 'scope_value2'], ) # Make the request diff --git a/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_generate_access_token_sync.py b/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_generate_access_token_sync.py index f50c4c2a8ab9..93734d7562c9 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_generate_access_token_sync.py +++ b/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_generate_access_token_sync.py @@ -24,6 +24,13 @@ # [START iamcredentials_v1_generated_IAMCredentials_GenerateAccessToken_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_credentials_v1 @@ -34,7 +41,7 @@ def sample_generate_access_token(): # Initialize request argument(s) request = iam_credentials_v1.GenerateAccessTokenRequest( name="name_value", - scope=['scope_value_1', 'scope_value_2'], + scope=['scope_value1', 'scope_value2'], ) # Make the request diff --git a/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_generate_id_token_async.py b/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_generate_id_token_async.py index e397afa8b8cc..d2c90a274f9d 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_generate_id_token_async.py +++ b/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_generate_id_token_async.py @@ -24,6 +24,13 @@ # [START iamcredentials_v1_generated_IAMCredentials_GenerateIdToken_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_credentials_v1 diff --git a/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_generate_id_token_sync.py b/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_generate_id_token_sync.py index 2b57c7b7dacb..4e4781ae1fd6 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_generate_id_token_sync.py +++ b/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_generate_id_token_sync.py @@ -24,6 +24,13 @@ # [START iamcredentials_v1_generated_IAMCredentials_GenerateIdToken_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_credentials_v1 diff --git a/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_sign_blob_async.py b/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_sign_blob_async.py index 630be24f15f5..dc9c95113623 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_sign_blob_async.py +++ b/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_sign_blob_async.py @@ -24,6 +24,13 @@ # [START iamcredentials_v1_generated_IAMCredentials_SignBlob_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_credentials_v1 diff --git a/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_sign_blob_sync.py b/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_sign_blob_sync.py index bb648ccc1991..568b02de0913 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_sign_blob_sync.py +++ b/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_sign_blob_sync.py @@ -24,6 +24,13 @@ # [START iamcredentials_v1_generated_IAMCredentials_SignBlob_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_credentials_v1 diff --git a/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_sign_jwt_async.py b/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_sign_jwt_async.py index bf2bf75b3b0a..7fc15ecd7743 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_sign_jwt_async.py +++ b/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_sign_jwt_async.py @@ -24,6 +24,13 @@ # [START iamcredentials_v1_generated_IAMCredentials_SignJwt_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_credentials_v1 diff --git a/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_sign_jwt_sync.py b/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_sign_jwt_sync.py index b222e948c733..181fc050a77a 100644 --- a/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_sign_jwt_sync.py +++ b/packages/google-cloud-iam/samples/generated_samples/iamcredentials_v1_generated_iam_credentials_sign_jwt_sync.py @@ -24,6 +24,13 @@ # [START iamcredentials_v1_generated_IAMCredentials_SignJwt_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html from google.cloud import iam_credentials_v1 diff --git a/packages/google-cloud-iam/samples/generated_samples/snippet_metadata_iam credentials_v1.json b/packages/google-cloud-iam/samples/generated_samples/snippet_metadata_iam credentials_v1.json index 83952f7e37a3..2f4e9767b883 100644 --- a/packages/google-cloud-iam/samples/generated_samples/snippet_metadata_iam credentials_v1.json +++ b/packages/google-cloud-iam/samples/generated_samples/snippet_metadata_iam credentials_v1.json @@ -71,33 +71,33 @@ "regionTag": "iamcredentials_v1_generated_IAMCredentials_GenerateAccessToken_async", "segments": [ { - "end": 45, + "end": 52, "start": 27, "type": "FULL" }, { - "end": 45, + "end": 52, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 39, - "start": 34, + "end": 46, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 42, - "start": 40, + "end": 49, + "start": 47, "type": "REQUEST_EXECUTION" }, { - "end": 46, - "start": 43, + "end": 53, + "start": 50, "type": "RESPONSE_HANDLING" } ], @@ -163,33 +163,33 @@ "regionTag": "iamcredentials_v1_generated_IAMCredentials_GenerateAccessToken_sync", "segments": [ { - "end": 45, + "end": 52, "start": 27, "type": "FULL" }, { - "end": 45, + "end": 52, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 39, - "start": 34, + "end": 46, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 42, - "start": 40, + "end": 49, + "start": 47, "type": "REQUEST_EXECUTION" }, { - "end": 46, - "start": 43, + "end": 53, + "start": 50, "type": "RESPONSE_HANDLING" } ], @@ -256,33 +256,33 @@ "regionTag": "iamcredentials_v1_generated_IAMCredentials_GenerateIdToken_async", "segments": [ { - "end": 45, + "end": 52, "start": 27, "type": "FULL" }, { - "end": 45, + "end": 52, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 39, - "start": 34, + "end": 46, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 42, - "start": 40, + "end": 49, + "start": 47, "type": "REQUEST_EXECUTION" }, { - "end": 46, - "start": 43, + "end": 53, + "start": 50, "type": "RESPONSE_HANDLING" } ], @@ -348,33 +348,33 @@ "regionTag": "iamcredentials_v1_generated_IAMCredentials_GenerateIdToken_sync", "segments": [ { - "end": 45, + "end": 52, "start": 27, "type": "FULL" }, { - "end": 45, + "end": 52, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 39, - "start": 34, + "end": 46, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 42, - "start": 40, + "end": 49, + "start": 47, "type": "REQUEST_EXECUTION" }, { - "end": 46, - "start": 43, + "end": 53, + "start": 50, "type": "RESPONSE_HANDLING" } ], @@ -437,33 +437,33 @@ "regionTag": "iamcredentials_v1_generated_IAMCredentials_SignBlob_async", "segments": [ { - "end": 45, + "end": 52, "start": 27, "type": "FULL" }, { - "end": 45, + "end": 52, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 39, - "start": 34, + "end": 46, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 42, - "start": 40, + "end": 49, + "start": 47, "type": "REQUEST_EXECUTION" }, { - "end": 46, - "start": 43, + "end": 53, + "start": 50, "type": "RESPONSE_HANDLING" } ], @@ -525,33 +525,33 @@ "regionTag": "iamcredentials_v1_generated_IAMCredentials_SignBlob_sync", "segments": [ { - "end": 45, + "end": 52, "start": 27, "type": "FULL" }, { - "end": 45, + "end": 52, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 39, - "start": 34, + "end": 46, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 42, - "start": 40, + "end": 49, + "start": 47, "type": "REQUEST_EXECUTION" }, { - "end": 46, - "start": 43, + "end": 53, + "start": 50, "type": "RESPONSE_HANDLING" } ], @@ -614,33 +614,33 @@ "regionTag": "iamcredentials_v1_generated_IAMCredentials_SignJwt_async", "segments": [ { - "end": 45, + "end": 52, "start": 27, "type": "FULL" }, { - "end": 45, + "end": 52, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 39, - "start": 34, + "end": 46, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 42, - "start": 40, + "end": 49, + "start": 47, "type": "REQUEST_EXECUTION" }, { - "end": 46, - "start": 43, + "end": 53, + "start": 50, "type": "RESPONSE_HANDLING" } ], @@ -702,33 +702,33 @@ "regionTag": "iamcredentials_v1_generated_IAMCredentials_SignJwt_sync", "segments": [ { - "end": 45, + "end": 52, "start": 27, "type": "FULL" }, { - "end": 45, + "end": 52, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 39, - "start": 34, + "end": 46, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 42, - "start": 40, + "end": 49, + "start": 47, "type": "REQUEST_EXECUTION" }, { - "end": 46, - "start": 43, + "end": 53, + "start": 50, "type": "RESPONSE_HANDLING" } ], diff --git a/packages/google-cloud-iam/samples/generated_samples/snippet_metadata_iam_v2.json b/packages/google-cloud-iam/samples/generated_samples/snippet_metadata_iam_v2.json new file mode 100644 index 000000000000..9cd8be20587e --- /dev/null +++ b/packages/google-cloud-iam/samples/generated_samples/snippet_metadata_iam_v2.json @@ -0,0 +1,827 @@ +{ + "clientLibrary": { + "apis": [ + { + "id": "google.iam.v2", + "version": "v2" + } + ], + "language": "PYTHON", + "name": "google-cloud-iam" + }, + "snippets": [ + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.iam_v2.PoliciesAsyncClient", + "shortName": "PoliciesAsyncClient" + }, + "fullName": "google.cloud.iam_v2.PoliciesAsyncClient.create_policy", + "method": { + "fullName": "google.iam.v2.Policies.CreatePolicy", + "service": { + "fullName": "google.iam.v2.Policies", + "shortName": "Policies" + }, + "shortName": "CreatePolicy" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.iam_v2.types.CreatePolicyRequest" + }, + { + "name": "parent", + "type": "str" + }, + { + "name": "policy", + "type": "google.cloud.iam_v2.types.Policy" + }, + { + "name": "policy_id", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.api_core.operation_async.AsyncOperation", + "shortName": "create_policy" + }, + "description": "Sample for CreatePolicy", + "file": "iam_v2_generated_policies_create_policy_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "iam_v2_generated_Policies_CreatePolicy_async", + "segments": [ + { + "end": 55, + "start": 27, + "type": "FULL" + }, + { + "end": 55, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 52, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 56, + "start": 53, + "type": "RESPONSE_HANDLING" + } + ], + "title": "iam_v2_generated_policies_create_policy_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.iam_v2.PoliciesClient", + "shortName": "PoliciesClient" + }, + "fullName": "google.cloud.iam_v2.PoliciesClient.create_policy", + "method": { + "fullName": "google.iam.v2.Policies.CreatePolicy", + "service": { + "fullName": "google.iam.v2.Policies", + "shortName": "Policies" + }, + "shortName": "CreatePolicy" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.iam_v2.types.CreatePolicyRequest" + }, + { + "name": "parent", + "type": "str" + }, + { + "name": "policy", + "type": "google.cloud.iam_v2.types.Policy" + }, + { + "name": "policy_id", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.api_core.operation.Operation", + "shortName": "create_policy" + }, + "description": "Sample for CreatePolicy", + "file": "iam_v2_generated_policies_create_policy_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "iam_v2_generated_Policies_CreatePolicy_sync", + "segments": [ + { + "end": 55, + "start": 27, + "type": "FULL" + }, + { + "end": 55, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 52, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 56, + "start": 53, + "type": "RESPONSE_HANDLING" + } + ], + "title": "iam_v2_generated_policies_create_policy_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.iam_v2.PoliciesAsyncClient", + "shortName": "PoliciesAsyncClient" + }, + "fullName": "google.cloud.iam_v2.PoliciesAsyncClient.delete_policy", + "method": { + "fullName": "google.iam.v2.Policies.DeletePolicy", + "service": { + "fullName": "google.iam.v2.Policies", + "shortName": "Policies" + }, + "shortName": "DeletePolicy" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.iam_v2.types.DeletePolicyRequest" + }, + { + "name": "name", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.api_core.operation_async.AsyncOperation", + "shortName": "delete_policy" + }, + "description": "Sample for DeletePolicy", + "file": "iam_v2_generated_policies_delete_policy_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "iam_v2_generated_Policies_DeletePolicy_async", + "segments": [ + { + "end": 55, + "start": 27, + "type": "FULL" + }, + { + "end": 55, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 52, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 56, + "start": 53, + "type": "RESPONSE_HANDLING" + } + ], + "title": "iam_v2_generated_policies_delete_policy_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.iam_v2.PoliciesClient", + "shortName": "PoliciesClient" + }, + "fullName": "google.cloud.iam_v2.PoliciesClient.delete_policy", + "method": { + "fullName": "google.iam.v2.Policies.DeletePolicy", + "service": { + "fullName": "google.iam.v2.Policies", + "shortName": "Policies" + }, + "shortName": "DeletePolicy" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.iam_v2.types.DeletePolicyRequest" + }, + { + "name": "name", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.api_core.operation.Operation", + "shortName": "delete_policy" + }, + "description": "Sample for DeletePolicy", + "file": "iam_v2_generated_policies_delete_policy_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "iam_v2_generated_Policies_DeletePolicy_sync", + "segments": [ + { + "end": 55, + "start": 27, + "type": "FULL" + }, + { + "end": 55, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 52, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 56, + "start": 53, + "type": "RESPONSE_HANDLING" + } + ], + "title": "iam_v2_generated_policies_delete_policy_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.iam_v2.PoliciesAsyncClient", + "shortName": "PoliciesAsyncClient" + }, + "fullName": "google.cloud.iam_v2.PoliciesAsyncClient.get_policy", + "method": { + "fullName": "google.iam.v2.Policies.GetPolicy", + "service": { + "fullName": "google.iam.v2.Policies", + "shortName": "Policies" + }, + "shortName": "GetPolicy" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.iam_v2.types.GetPolicyRequest" + }, + { + "name": "name", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.cloud.iam_v2.types.Policy", + "shortName": "get_policy" + }, + "description": "Sample for GetPolicy", + "file": "iam_v2_generated_policies_get_policy_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "iam_v2_generated_Policies_GetPolicy_async", + "segments": [ + { + "end": 51, + "start": 27, + "type": "FULL" + }, + { + "end": 51, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 52, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "iam_v2_generated_policies_get_policy_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.iam_v2.PoliciesClient", + "shortName": "PoliciesClient" + }, + "fullName": "google.cloud.iam_v2.PoliciesClient.get_policy", + "method": { + "fullName": "google.iam.v2.Policies.GetPolicy", + "service": { + "fullName": "google.iam.v2.Policies", + "shortName": "Policies" + }, + "shortName": "GetPolicy" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.iam_v2.types.GetPolicyRequest" + }, + { + "name": "name", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.cloud.iam_v2.types.Policy", + "shortName": "get_policy" + }, + "description": "Sample for GetPolicy", + "file": "iam_v2_generated_policies_get_policy_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "iam_v2_generated_Policies_GetPolicy_sync", + "segments": [ + { + "end": 51, + "start": 27, + "type": "FULL" + }, + { + "end": 51, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 52, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "iam_v2_generated_policies_get_policy_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.iam_v2.PoliciesAsyncClient", + "shortName": "PoliciesAsyncClient" + }, + "fullName": "google.cloud.iam_v2.PoliciesAsyncClient.list_policies", + "method": { + "fullName": "google.iam.v2.Policies.ListPolicies", + "service": { + "fullName": "google.iam.v2.Policies", + "shortName": "Policies" + }, + "shortName": "ListPolicies" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.iam_v2.types.ListPoliciesRequest" + }, + { + "name": "parent", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.cloud.iam_v2.services.policies.pagers.ListPoliciesAsyncPager", + "shortName": "list_policies" + }, + "description": "Sample for ListPolicies", + "file": "iam_v2_generated_policies_list_policies_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "iam_v2_generated_Policies_ListPolicies_async", + "segments": [ + { + "end": 52, + "start": 27, + "type": "FULL" + }, + { + "end": 52, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 53, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "iam_v2_generated_policies_list_policies_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.iam_v2.PoliciesClient", + "shortName": "PoliciesClient" + }, + "fullName": "google.cloud.iam_v2.PoliciesClient.list_policies", + "method": { + "fullName": "google.iam.v2.Policies.ListPolicies", + "service": { + "fullName": "google.iam.v2.Policies", + "shortName": "Policies" + }, + "shortName": "ListPolicies" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.iam_v2.types.ListPoliciesRequest" + }, + { + "name": "parent", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.cloud.iam_v2.services.policies.pagers.ListPoliciesPager", + "shortName": "list_policies" + }, + "description": "Sample for ListPolicies", + "file": "iam_v2_generated_policies_list_policies_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "iam_v2_generated_Policies_ListPolicies_sync", + "segments": [ + { + "end": 52, + "start": 27, + "type": "FULL" + }, + { + "end": 52, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 53, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "iam_v2_generated_policies_list_policies_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.iam_v2.PoliciesAsyncClient", + "shortName": "PoliciesAsyncClient" + }, + "fullName": "google.cloud.iam_v2.PoliciesAsyncClient.update_policy", + "method": { + "fullName": "google.iam.v2.Policies.UpdatePolicy", + "service": { + "fullName": "google.iam.v2.Policies", + "shortName": "Policies" + }, + "shortName": "UpdatePolicy" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.iam_v2.types.UpdatePolicyRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.api_core.operation_async.AsyncOperation", + "shortName": "update_policy" + }, + "description": "Sample for UpdatePolicy", + "file": "iam_v2_generated_policies_update_policy_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "iam_v2_generated_Policies_UpdatePolicy_async", + "segments": [ + { + "end": 54, + "start": 27, + "type": "FULL" + }, + { + "end": 54, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 44, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 51, + "start": 45, + "type": "REQUEST_EXECUTION" + }, + { + "end": 55, + "start": 52, + "type": "RESPONSE_HANDLING" + } + ], + "title": "iam_v2_generated_policies_update_policy_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.iam_v2.PoliciesClient", + "shortName": "PoliciesClient" + }, + "fullName": "google.cloud.iam_v2.PoliciesClient.update_policy", + "method": { + "fullName": "google.iam.v2.Policies.UpdatePolicy", + "service": { + "fullName": "google.iam.v2.Policies", + "shortName": "Policies" + }, + "shortName": "UpdatePolicy" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.iam_v2.types.UpdatePolicyRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.api_core.operation.Operation", + "shortName": "update_policy" + }, + "description": "Sample for UpdatePolicy", + "file": "iam_v2_generated_policies_update_policy_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "iam_v2_generated_Policies_UpdatePolicy_sync", + "segments": [ + { + "end": 54, + "start": 27, + "type": "FULL" + }, + { + "end": 54, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 44, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 51, + "start": 45, + "type": "REQUEST_EXECUTION" + }, + { + "end": 55, + "start": 52, + "type": "RESPONSE_HANDLING" + } + ], + "title": "iam_v2_generated_policies_update_policy_sync.py" + } + ] +} diff --git a/packages/google-cloud-iam/samples/generated_samples/snippet_metadata_iam_v2beta.json b/packages/google-cloud-iam/samples/generated_samples/snippet_metadata_iam_v2beta.json index 7e2e68f1ed2e..bb12148de2b1 100644 --- a/packages/google-cloud-iam/samples/generated_samples/snippet_metadata_iam_v2beta.json +++ b/packages/google-cloud-iam/samples/generated_samples/snippet_metadata_iam_v2beta.json @@ -67,33 +67,33 @@ "regionTag": "iam_v2beta_generated_Policies_CreatePolicy_async", "segments": [ { - "end": 48, + "end": 55, "start": 27, "type": "FULL" }, { - "end": 48, + "end": 55, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 38, - "start": 34, + "end": 45, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 45, - "start": 39, + "end": 52, + "start": 46, "type": "REQUEST_EXECUTION" }, { - "end": 49, - "start": 46, + "end": 56, + "start": 53, "type": "RESPONSE_HANDLING" } ], @@ -155,33 +155,33 @@ "regionTag": "iam_v2beta_generated_Policies_CreatePolicy_sync", "segments": [ { - "end": 48, + "end": 55, "start": 27, "type": "FULL" }, { - "end": 48, + "end": 55, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 38, - "start": 34, + "end": 45, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 45, - "start": 39, + "end": 52, + "start": 46, "type": "REQUEST_EXECUTION" }, { - "end": 49, - "start": 46, + "end": 56, + "start": 53, "type": "RESPONSE_HANDLING" } ], @@ -236,33 +236,33 @@ "regionTag": "iam_v2beta_generated_Policies_DeletePolicy_async", "segments": [ { - "end": 48, + "end": 55, "start": 27, "type": "FULL" }, { - "end": 48, + "end": 55, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 38, - "start": 34, + "end": 45, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 45, - "start": 39, + "end": 52, + "start": 46, "type": "REQUEST_EXECUTION" }, { - "end": 49, - "start": 46, + "end": 56, + "start": 53, "type": "RESPONSE_HANDLING" } ], @@ -316,33 +316,33 @@ "regionTag": "iam_v2beta_generated_Policies_DeletePolicy_sync", "segments": [ { - "end": 48, + "end": 55, "start": 27, "type": "FULL" }, { - "end": 48, + "end": 55, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 38, - "start": 34, + "end": 45, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 45, - "start": 39, + "end": 52, + "start": 46, "type": "REQUEST_EXECUTION" }, { - "end": 49, - "start": 46, + "end": 56, + "start": 53, "type": "RESPONSE_HANDLING" } ], @@ -397,33 +397,33 @@ "regionTag": "iam_v2beta_generated_Policies_GetPolicy_async", "segments": [ { - "end": 44, + "end": 51, "start": 27, "type": "FULL" }, { - "end": 44, + "end": 51, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 38, - "start": 34, + "end": 45, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 41, - "start": 39, + "end": 48, + "start": 46, "type": "REQUEST_EXECUTION" }, { - "end": 45, - "start": 42, + "end": 52, + "start": 49, "type": "RESPONSE_HANDLING" } ], @@ -477,33 +477,33 @@ "regionTag": "iam_v2beta_generated_Policies_GetPolicy_sync", "segments": [ { - "end": 44, + "end": 51, "start": 27, "type": "FULL" }, { - "end": 44, + "end": 51, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 38, - "start": 34, + "end": 45, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 41, - "start": 39, + "end": 48, + "start": 46, "type": "REQUEST_EXECUTION" }, { - "end": 45, - "start": 42, + "end": 52, + "start": 49, "type": "RESPONSE_HANDLING" } ], @@ -558,33 +558,33 @@ "regionTag": "iam_v2beta_generated_Policies_ListPolicies_async", "segments": [ { - "end": 45, + "end": 52, "start": 27, "type": "FULL" }, { - "end": 45, + "end": 52, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 38, - "start": 34, + "end": 45, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 41, - "start": 39, + "end": 48, + "start": 46, "type": "REQUEST_EXECUTION" }, { - "end": 46, - "start": 42, + "end": 53, + "start": 49, "type": "RESPONSE_HANDLING" } ], @@ -638,33 +638,33 @@ "regionTag": "iam_v2beta_generated_Policies_ListPolicies_sync", "segments": [ { - "end": 45, + "end": 52, "start": 27, "type": "FULL" }, { - "end": 45, + "end": 52, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 38, - "start": 34, + "end": 45, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 41, - "start": 39, + "end": 48, + "start": 46, "type": "REQUEST_EXECUTION" }, { - "end": 46, - "start": 42, + "end": 53, + "start": 49, "type": "RESPONSE_HANDLING" } ], @@ -715,33 +715,33 @@ "regionTag": "iam_v2beta_generated_Policies_UpdatePolicy_async", "segments": [ { - "end": 47, + "end": 54, "start": 27, "type": "FULL" }, { - "end": 47, + "end": 54, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 37, - "start": 34, + "end": 44, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 44, - "start": 38, + "end": 51, + "start": 45, "type": "REQUEST_EXECUTION" }, { - "end": 48, - "start": 45, + "end": 55, + "start": 52, "type": "RESPONSE_HANDLING" } ], @@ -791,33 +791,33 @@ "regionTag": "iam_v2beta_generated_Policies_UpdatePolicy_sync", "segments": [ { - "end": 47, + "end": 54, "start": 27, "type": "FULL" }, { - "end": 47, + "end": 54, "start": 27, "type": "SHORT" }, { - "end": 33, - "start": 31, + "end": 40, + "start": 38, "type": "CLIENT_INITIALIZATION" }, { - "end": 37, - "start": 34, + "end": 44, + "start": 41, "type": "REQUEST_INITIALIZATION" }, { - "end": 44, - "start": 38, + "end": 51, + "start": 45, "type": "REQUEST_EXECUTION" }, { - "end": 48, - "start": 45, + "end": 55, + "start": 52, "type": "RESPONSE_HANDLING" } ], diff --git a/packages/google-cloud-iam/samples/snippets/conftest.py b/packages/google-cloud-iam/samples/snippets/conftest.py index 8dd062568612..4fa0dea07064 100644 --- a/packages/google-cloud-iam/samples/snippets/conftest.py +++ b/packages/google-cloud-iam/samples/snippets/conftest.py @@ -16,19 +16,22 @@ import re import uuid -from _pytest.capture import CaptureFixture +from google.cloud import iam_v2 +from google.cloud.iam_v2 import types import pytest - -from create_deny_policy import create_deny_policy -from delete_deny_policy import delete_deny_policy +from samples.snippets.create_deny_policy import create_deny_policy +from samples.snippets.delete_deny_policy import delete_deny_policy PROJECT_ID = os.environ["GOOGLE_CLOUD_PROJECT"] GOOGLE_APPLICATION_CREDENTIALS = os.environ["GOOGLE_APPLICATION_CREDENTIALS"] @pytest.fixture -def deny_policy(capsys: CaptureFixture) -> None: - policy_id = f"limit-project-deletion-{uuid.uuid4()}" +def deny_policy(capsys: "pytest.CaptureFixture[str]") -> None: + policy_id = f"test-deny-policy-{uuid.uuid4()}" + + # Delete any existing policies. Otherwise it might throw quota issue. + delete_existing_deny_policies(PROJECT_ID, "test-deny-policy") # Create the Deny policy. create_deny_policy(PROJECT_ID, policy_id) @@ -39,3 +42,15 @@ def deny_policy(capsys: CaptureFixture) -> None: delete_deny_policy(PROJECT_ID, policy_id) out, _ = capsys.readouterr() assert re.search(f"Deleted the deny policy: {policy_id}", out) + + +def delete_existing_deny_policies(project_id: str, delete_name_prefix: str) -> None: + policies_client = iam_v2.PoliciesClient() + + attachment_point = f"cloudresourcemanager.googleapis.com%2Fprojects%2F{project_id}" + + request = types.ListPoliciesRequest() + request.parent = f"policies/{attachment_point}/denypolicies" + for policy in policies_client.list_policies(request=request): + if delete_name_prefix in policy.name: + delete_deny_policy(PROJECT_ID, str(policy.name).rsplit("/", 1)[-1]) diff --git a/packages/google-cloud-iam/samples/snippets/create_deny_policy.py b/packages/google-cloud-iam/samples/snippets/create_deny_policy.py index 1cc5e5b89c62..569e55e77a75 100644 --- a/packages/google-cloud-iam/samples/snippets/create_deny_policy.py +++ b/packages/google-cloud-iam/samples/snippets/create_deny_policy.py @@ -18,9 +18,8 @@ def create_deny_policy(project_id: str, policy_id: str) -> None: - from google.cloud import iam_v2beta - from google.cloud.iam_v2beta import types - from google.type import expr_pb2 + from google.cloud import iam_v2 + from google.cloud.iam_v2 import types """ Create a deny policy. @@ -36,7 +35,7 @@ def create_deny_policy(project_id: str, policy_id: str) -> None: project_id: ID or number of the Google Cloud project you want to use. policy_id: Specify the ID of the deny policy you want to create. """ - policies_client = iam_v2beta.PoliciesClient() + policies_client = iam_v2.PoliciesClient() # Each deny policy is attached to an organization, folder, or project. # To work with deny policies, specify the attachment point. @@ -100,9 +99,9 @@ def create_deny_policy(project_id: str, policy_id: str) -> None: request.policy = policy request.policy_id = policy_id - # Build the create policy request. - policies_client.create_policy(request=request) - print(f"Created the deny policy: {policy_id}") + # Build the create policy request and wait for the operation to complete. + result = policies_client.create_policy(request=request).result() + print(f"Created the deny policy: {result.name.rsplit('/')[-1]}") if __name__ == "__main__": diff --git a/packages/google-cloud-iam/samples/snippets/delete_deny_policy.py b/packages/google-cloud-iam/samples/snippets/delete_deny_policy.py index 769d8d2d0487..e7128dc6e325 100644 --- a/packages/google-cloud-iam/samples/snippets/delete_deny_policy.py +++ b/packages/google-cloud-iam/samples/snippets/delete_deny_policy.py @@ -16,8 +16,8 @@ # [START iam_delete_deny_policy] def delete_deny_policy(project_id: str, policy_id: str) -> None: - from google.cloud import iam_v2beta - from google.cloud.iam_v2beta import types + from google.cloud import iam_v2 + from google.cloud.iam_v2 import types """ Delete the policy if you no longer want to enforce the rules in a deny policy. @@ -25,7 +25,7 @@ def delete_deny_policy(project_id: str, policy_id: str) -> None: project_id: ID or number of the Google Cloud project you want to use. policy_id: The ID of the deny policy you want to retrieve. """ - policies_client = iam_v2beta.PoliciesClient() + policies_client = iam_v2.PoliciesClient() # Each deny policy is attached to an organization, folder, or project. # To work with deny policies, specify the attachment point. @@ -45,8 +45,8 @@ def delete_deny_policy(project_id: str, policy_id: str) -> None: request.name = f"policies/{attachment_point}/denypolicies/{policy_id}" # Create the DeletePolicy request. - policies_client.delete_policy(request=request) - print(f"Deleted the deny policy: {policy_id}") + result = policies_client.delete_policy(request=request).result() + print(f"Deleted the deny policy: {result.name.rsplit('/')[-1]}") if __name__ == "__main__": diff --git a/packages/google-cloud-iam/samples/snippets/get_deny_policy.py b/packages/google-cloud-iam/samples/snippets/get_deny_policy.py index 05183cf9f99d..9f451fb65f9c 100644 --- a/packages/google-cloud-iam/samples/snippets/get_deny_policy.py +++ b/packages/google-cloud-iam/samples/snippets/get_deny_policy.py @@ -15,17 +15,18 @@ # This file contains code samples that demonstrate how to get IAM deny policies. # [START iam_get_deny_policy] -def get_deny_policy(project_id: str, policy_id: str): - from google.cloud import iam_v2beta - from google.cloud.iam_v2beta import Policy, types +from google.cloud import iam_v2 +from google.cloud.iam_v2 import Policy, types + +def get_deny_policy(project_id: str, policy_id: str) -> Policy: """ Retrieve the deny policy given the project ID and policy ID. project_id: ID or number of the Google Cloud project you want to use. policy_id: The ID of the deny policy you want to retrieve. """ - policies_client = iam_v2beta.PoliciesClient() + policies_client = iam_v2.PoliciesClient() # Each deny policy is attached to an organization, folder, or project. # To work with deny policies, specify the attachment point. diff --git a/packages/google-cloud-iam/samples/snippets/list_deny_policies.py b/packages/google-cloud-iam/samples/snippets/list_deny_policies.py index c83eac9b5e69..106794f52beb 100644 --- a/packages/google-cloud-iam/samples/snippets/list_deny_policies.py +++ b/packages/google-cloud-iam/samples/snippets/list_deny_policies.py @@ -16,8 +16,8 @@ # [START iam_list_deny_policy] def list_deny_policy(project_id: str) -> None: - from google.cloud import iam_v2beta - from google.cloud.iam_v2beta import types + from google.cloud import iam_v2 + from google.cloud.iam_v2 import types """ List all the deny policies that are attached to a resource. @@ -25,7 +25,7 @@ def list_deny_policy(project_id: str) -> None: project_id: ID or number of the Google Cloud project you want to use. """ - policies_client = iam_v2beta.PoliciesClient() + policies_client = iam_v2.PoliciesClient() # Each deny policy is attached to an organization, folder, or project. # To work with deny policies, specify the attachment point. diff --git a/packages/google-cloud-iam/samples/snippets/noxfile_config.py b/packages/google-cloud-iam/samples/snippets/noxfile_config.py index 4fdb52def2ff..e892b338fcea 100644 --- a/packages/google-cloud-iam/samples/snippets/noxfile_config.py +++ b/packages/google-cloud-iam/samples/snippets/noxfile_config.py @@ -31,7 +31,7 @@ # build specific Cloud project. You can also use your own string # to use your own Cloud project. # "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", - "gcloud_project_env": "BUILD_SPECIFIC_GCLOUD_PROJECT", + "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. "envs": {}, diff --git a/packages/google-cloud-iam/samples/snippets/requirements-test.txt b/packages/google-cloud-iam/samples/snippets/requirements-test.txt new file mode 100644 index 000000000000..d00689e0623a --- /dev/null +++ b/packages/google-cloud-iam/samples/snippets/requirements-test.txt @@ -0,0 +1 @@ +pytest==7.1.2 diff --git a/packages/google-cloud-iam/samples/snippets/test_deny_policies.py b/packages/google-cloud-iam/samples/snippets/test_deny_policies.py index 3a5bb573dc8d..f6f50cb55318 100644 --- a/packages/google-cloud-iam/samples/snippets/test_deny_policies.py +++ b/packages/google-cloud-iam/samples/snippets/test_deny_policies.py @@ -15,23 +15,25 @@ import os import re -from _pytest.capture import CaptureFixture +import pytest from samples.snippets.get_deny_policy import get_deny_policy from samples.snippets.list_deny_policies import list_deny_policy from samples.snippets.update_deny_policy import update_deny_policy -PROJECT_ID = os.environ["PROJECT_ID"] +PROJECT_ID = os.environ["GOOGLE_CLOUD_PROJECT"] GOOGLE_APPLICATION_CREDENTIALS = os.environ["GOOGLE_APPLICATION_CREDENTIALS"] -def test_retrieve_policy(capsys: CaptureFixture, deny_policy) -> None: +def test_retrieve_policy( + capsys: "pytest.CaptureFixture[str]", deny_policy: str +) -> None: # Test policy retrieval, given the policy id. get_deny_policy(PROJECT_ID, deny_policy) out, _ = capsys.readouterr() assert re.search(f"Retrieved the deny policy: {deny_policy}", out) -def test_list_policies(capsys: CaptureFixture, deny_policy) -> None: +def test_list_policies(capsys: "pytest.CaptureFixture[str]", deny_policy: str) -> None: # Check if the created policy is listed. list_deny_policy(PROJECT_ID) out, _ = capsys.readouterr() @@ -39,7 +41,9 @@ def test_list_policies(capsys: CaptureFixture, deny_policy) -> None: assert re.search("Listed all deny policies", out) -def test_update_deny_policy(capsys: CaptureFixture, deny_policy) -> None: +def test_update_deny_policy( + capsys: "pytest.CaptureFixture[str]", deny_policy: str +) -> None: # Check if the policy rule is updated. policy = get_deny_policy(PROJECT_ID, deny_policy) update_deny_policy(PROJECT_ID, deny_policy, policy.etag) diff --git a/packages/google-cloud-iam/samples/snippets/update_deny_policy.py b/packages/google-cloud-iam/samples/snippets/update_deny_policy.py index d3b8477182c3..3756c0bdecb6 100644 --- a/packages/google-cloud-iam/samples/snippets/update_deny_policy.py +++ b/packages/google-cloud-iam/samples/snippets/update_deny_policy.py @@ -16,9 +16,8 @@ # [START iam_update_deny_policy] def update_deny_policy(project_id: str, policy_id: str, etag: str) -> None: - from google.cloud import iam_v2beta - from google.cloud.iam_v2beta import types - from google.type import expr_pb2 + from google.cloud import iam_v2 + from google.cloud.iam_v2 import types """ Update the deny rules and/ or its display name after policy creation. @@ -30,7 +29,7 @@ def update_deny_policy(project_id: str, policy_id: str, etag: str) -> None: etag: Etag field that identifies the policy version. The etag changes each time you update the policy. Get the etag of an existing policy by performing a GetPolicy request. """ - policies_client = iam_v2beta.PoliciesClient() + policies_client = iam_v2.PoliciesClient() # Each deny policy is attached to an organization, folder, or project. # To work with deny policies, specify the attachment point. @@ -94,8 +93,8 @@ def update_deny_policy(project_id: str, policy_id: str, etag: str) -> None: request = types.UpdatePolicyRequest() request.policy = policy - policies_client.update_policy(request=request) - print(f"Updated the deny policy: {policy_id}") + result = policies_client.update_policy(request=request).result() + print(f"Updated the deny policy: {result.name.rsplit('/')[-1]}") if __name__ == "__main__": diff --git a/packages/google-cloud-iam/scripts/fixup_iam_v2_keywords.py b/packages/google-cloud-iam/scripts/fixup_iam_v2_keywords.py new file mode 100644 index 000000000000..23d3d6d7beb8 --- /dev/null +++ b/packages/google-cloud-iam/scripts/fixup_iam_v2_keywords.py @@ -0,0 +1,180 @@ +#! /usr/bin/env python3 +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import argparse +import os +import libcst as cst +import pathlib +import sys +from typing import (Any, Callable, Dict, List, Sequence, Tuple) + + +def partition( + predicate: Callable[[Any], bool], + iterator: Sequence[Any] +) -> Tuple[List[Any], List[Any]]: + """A stable, out-of-place partition.""" + results = ([], []) + + for i in iterator: + results[int(predicate(i))].append(i) + + # Returns trueList, falseList + return results[1], results[0] + + +class iamCallTransformer(cst.CSTTransformer): + CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata') + METHOD_TO_PARAMS: Dict[str, Tuple[str]] = { + 'create_policy': ('parent', 'policy', 'policy_id', ), + 'delete_policy': ('name', 'etag', ), + 'get_policy': ('name', ), + 'list_policies': ('parent', 'page_size', 'page_token', ), + 'update_policy': ('policy', ), + } + + def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: + try: + key = original.func.attr.value + kword_params = self.METHOD_TO_PARAMS[key] + except (AttributeError, KeyError): + # Either not a method from the API or too convoluted to be sure. + return updated + + # If the existing code is valid, keyword args come after positional args. + # Therefore, all positional args must map to the first parameters. + args, kwargs = partition(lambda a: not bool(a.keyword), updated.args) + if any(k.keyword.value == "request" for k in kwargs): + # We've already fixed this file, don't fix it again. + return updated + + kwargs, ctrl_kwargs = partition( + lambda a: a.keyword.value not in self.CTRL_PARAMS, + kwargs + ) + + args, ctrl_args = args[:len(kword_params)], args[len(kword_params):] + ctrl_kwargs.extend(cst.Arg(value=a.value, keyword=cst.Name(value=ctrl)) + for a, ctrl in zip(ctrl_args, self.CTRL_PARAMS)) + + request_arg = cst.Arg( + value=cst.Dict([ + cst.DictElement( + cst.SimpleString("'{}'".format(name)), +cst.Element(value=arg.value) + ) + # Note: the args + kwargs looks silly, but keep in mind that + # the control parameters had to be stripped out, and that + # those could have been passed positionally or by keyword. + for name, arg in zip(kword_params, args + kwargs)]), + keyword=cst.Name("request") + ) + + return updated.with_changes( + args=[request_arg] + ctrl_kwargs + ) + + +def fix_files( + in_dir: pathlib.Path, + out_dir: pathlib.Path, + *, + transformer=iamCallTransformer(), +): + """Duplicate the input dir to the output dir, fixing file method calls. + + Preconditions: + * in_dir is a real directory + * out_dir is a real, empty directory + """ + pyfile_gen = ( + pathlib.Path(os.path.join(root, f)) + for root, _, files in os.walk(in_dir) + for f in files if os.path.splitext(f)[1] == ".py" + ) + + for fpath in pyfile_gen: + with open(fpath, 'r') as f: + src = f.read() + + # Parse the code and insert method call fixes. + tree = cst.parse_module(src) + updated = tree.visit(transformer) + + # Create the path and directory structure for the new file. + updated_path = out_dir.joinpath(fpath.relative_to(in_dir)) + updated_path.parent.mkdir(parents=True, exist_ok=True) + + # Generate the updated source file at the corresponding path. + with open(updated_path, 'w') as f: + f.write(updated.code) + + +if __name__ == '__main__': + parser = argparse.ArgumentParser( + description="""Fix up source that uses the iam client library. + +The existing sources are NOT overwritten but are copied to output_dir with changes made. + +Note: This tool operates at a best-effort level at converting positional + parameters in client method calls to keyword based parameters. + Cases where it WILL FAIL include + A) * or ** expansion in a method call. + B) Calls via function or method alias (includes free function calls) + C) Indirect or dispatched calls (e.g. the method is looked up dynamically) + + These all constitute false negatives. The tool will also detect false + positives when an API method shares a name with another method. +""") + parser.add_argument( + '-d', + '--input-directory', + required=True, + dest='input_dir', + help='the input directory to walk for python files to fix up', + ) + parser.add_argument( + '-o', + '--output-directory', + required=True, + dest='output_dir', + help='the directory to output files fixed via un-flattening', + ) + args = parser.parse_args() + input_dir = pathlib.Path(args.input_dir) + output_dir = pathlib.Path(args.output_dir) + if not input_dir.is_dir(): + print( + f"input directory '{input_dir}' does not exist or is not a directory", + file=sys.stderr, + ) + sys.exit(-1) + + if not output_dir.is_dir(): + print( + f"output directory '{output_dir}' does not exist or is not a directory", + file=sys.stderr, + ) + sys.exit(-1) + + if os.listdir(output_dir): + print( + f"output directory '{output_dir}' is not empty", + file=sys.stderr, + ) + sys.exit(-1) + + fix_files(input_dir, output_dir) diff --git a/packages/google-cloud-iam/tests/unit/gapic/iam_credentials_v1/test_iam_credentials.py b/packages/google-cloud-iam/tests/unit/gapic/iam_credentials_v1/test_iam_credentials.py index 0bc68a186042..1bb7d75086dc 100644 --- a/packages/google-cloud-iam/tests/unit/gapic/iam_credentials_v1/test_iam_credentials.py +++ b/packages/google-cloud-iam/tests/unit/gapic/iam_credentials_v1/test_iam_credentials.py @@ -18,8 +18,8 @@ # try/except added for compatibility with python < 3.8 try: from unittest import mock - from unittest.mock import AsyncMock -except ImportError: + from unittest.mock import AsyncMock # pragma: NO COVER +except ImportError: # pragma: NO COVER import mock import math @@ -35,6 +35,7 @@ from google.protobuf import timestamp_pb2 # type: ignore import grpc from grpc.experimental import aio +from proto.marshal.rules import wrappers from proto.marshal.rules.dates import DurationRule, TimestampRule import pytest diff --git a/packages/google-cloud-iam/tests/unit/gapic/iam_v2/__init__.py b/packages/google-cloud-iam/tests/unit/gapic/iam_v2/__init__.py new file mode 100644 index 000000000000..e8e1c3845db5 --- /dev/null +++ b/packages/google-cloud-iam/tests/unit/gapic/iam_v2/__init__.py @@ -0,0 +1,15 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/packages/google-cloud-iam/tests/unit/gapic/iam_v2/test_policies.py b/packages/google-cloud-iam/tests/unit/gapic/iam_v2/test_policies.py new file mode 100644 index 000000000000..f053031efec7 --- /dev/null +++ b/packages/google-cloud-iam/tests/unit/gapic/iam_v2/test_policies.py @@ -0,0 +1,2806 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import os + +# try/except added for compatibility with python < 3.8 +try: + from unittest import mock + from unittest.mock import AsyncMock # pragma: NO COVER +except ImportError: # pragma: NO COVER + import mock + +import math + +from google.api_core import ( + future, + gapic_v1, + grpc_helpers, + grpc_helpers_async, + operation, + operations_v1, + path_template, +) +from google.api_core import client_options +from google.api_core import exceptions as core_exceptions +from google.api_core import operation_async # type: ignore +import google.auth +from google.auth import credentials as ga_credentials +from google.auth.exceptions import MutualTLSChannelError +from google.longrunning import operations_pb2 +from google.oauth2 import service_account +from google.protobuf import timestamp_pb2 # type: ignore +from google.type import expr_pb2 # type: ignore +import grpc +from grpc.experimental import aio +from proto.marshal.rules import wrappers +from proto.marshal.rules.dates import DurationRule, TimestampRule +import pytest + +from google.cloud.iam_v2.services.policies import ( + PoliciesAsyncClient, + PoliciesClient, + pagers, + transports, +) +from google.cloud.iam_v2.types import deny +from google.cloud.iam_v2.types import policy +from google.cloud.iam_v2.types import policy as gi_policy + + +def client_cert_source_callback(): + return b"cert bytes", b"key bytes" + + +# If default endpoint is localhost, then default mtls endpoint will be the same. +# This method modifies the default endpoint so the client can produce a different +# mtls endpoint for endpoint testing purposes. +def modify_default_endpoint(client): + return ( + "foo.googleapis.com" + if ("localhost" in client.DEFAULT_ENDPOINT) + else client.DEFAULT_ENDPOINT + ) + + +def test__get_default_mtls_endpoint(): + api_endpoint = "example.googleapis.com" + api_mtls_endpoint = "example.mtls.googleapis.com" + sandbox_endpoint = "example.sandbox.googleapis.com" + sandbox_mtls_endpoint = "example.mtls.sandbox.googleapis.com" + non_googleapi = "api.example.com" + + assert PoliciesClient._get_default_mtls_endpoint(None) is None + assert PoliciesClient._get_default_mtls_endpoint(api_endpoint) == api_mtls_endpoint + assert ( + PoliciesClient._get_default_mtls_endpoint(api_mtls_endpoint) + == api_mtls_endpoint + ) + assert ( + PoliciesClient._get_default_mtls_endpoint(sandbox_endpoint) + == sandbox_mtls_endpoint + ) + assert ( + PoliciesClient._get_default_mtls_endpoint(sandbox_mtls_endpoint) + == sandbox_mtls_endpoint + ) + assert PoliciesClient._get_default_mtls_endpoint(non_googleapi) == non_googleapi + + +@pytest.mark.parametrize( + "client_class,transport_name", + [ + (PoliciesClient, "grpc"), + (PoliciesAsyncClient, "grpc_asyncio"), + ], +) +def test_policies_client_from_service_account_info(client_class, transport_name): + creds = ga_credentials.AnonymousCredentials() + with mock.patch.object( + service_account.Credentials, "from_service_account_info" + ) as factory: + factory.return_value = creds + info = {"valid": True} + client = client_class.from_service_account_info(info, transport=transport_name) + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == ("iam.googleapis.com:443") + + +@pytest.mark.parametrize( + "transport_class,transport_name", + [ + (transports.PoliciesGrpcTransport, "grpc"), + (transports.PoliciesGrpcAsyncIOTransport, "grpc_asyncio"), + ], +) +def test_policies_client_service_account_always_use_jwt( + transport_class, transport_name +): + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) + + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=False) + use_jwt.assert_not_called() + + +@pytest.mark.parametrize( + "client_class,transport_name", + [ + (PoliciesClient, "grpc"), + (PoliciesAsyncClient, "grpc_asyncio"), + ], +) +def test_policies_client_from_service_account_file(client_class, transport_name): + creds = ga_credentials.AnonymousCredentials() + with mock.patch.object( + service_account.Credentials, "from_service_account_file" + ) as factory: + factory.return_value = creds + client = client_class.from_service_account_file( + "dummy/file/path.json", transport=transport_name + ) + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + client = client_class.from_service_account_json( + "dummy/file/path.json", transport=transport_name + ) + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == ("iam.googleapis.com:443") + + +def test_policies_client_get_transport_class(): + transport = PoliciesClient.get_transport_class() + available_transports = [ + transports.PoliciesGrpcTransport, + ] + assert transport in available_transports + + transport = PoliciesClient.get_transport_class("grpc") + assert transport == transports.PoliciesGrpcTransport + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + (PoliciesClient, transports.PoliciesGrpcTransport, "grpc"), + (PoliciesAsyncClient, transports.PoliciesGrpcAsyncIOTransport, "grpc_asyncio"), + ], +) +@mock.patch.object( + PoliciesClient, "DEFAULT_ENDPOINT", modify_default_endpoint(PoliciesClient) +) +@mock.patch.object( + PoliciesAsyncClient, + "DEFAULT_ENDPOINT", + modify_default_endpoint(PoliciesAsyncClient), +) +def test_policies_client_client_options(client_class, transport_class, transport_name): + # Check that if channel is provided we won't create a new one. + with mock.patch.object(PoliciesClient, "get_transport_class") as gtc: + transport = transport_class(credentials=ga_credentials.AnonymousCredentials()) + client = client_class(transport=transport) + gtc.assert_not_called() + + # Check that if channel is provided via str we will create a new one. + with mock.patch.object(PoliciesClient, "get_transport_class") as gtc: + client = client_class(transport=transport_name) + gtc.assert_called() + + # Check the case api_endpoint is provided. + options = client_options.ClientOptions(api_endpoint="squid.clam.whelk") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(transport=transport_name, client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is + # "never". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is + # "always". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_MTLS_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has + # unsupported value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}): + with pytest.raises(MutualTLSChannelError): + client = client_class(transport=transport_name) + + # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"} + ): + with pytest.raises(ValueError): + client = client_class(transport=transport_name) + + # Check the case quota_project_id is provided + options = client_options.ClientOptions(quota_project_id="octopus") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id="octopus", + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + # Check the case api_endpoint is provided + options = client_options.ClientOptions( + api_audience="https://language.googleapis.com" + ) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience="https://language.googleapis.com", + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name,use_client_cert_env", + [ + (PoliciesClient, transports.PoliciesGrpcTransport, "grpc", "true"), + ( + PoliciesAsyncClient, + transports.PoliciesGrpcAsyncIOTransport, + "grpc_asyncio", + "true", + ), + (PoliciesClient, transports.PoliciesGrpcTransport, "grpc", "false"), + ( + PoliciesAsyncClient, + transports.PoliciesGrpcAsyncIOTransport, + "grpc_asyncio", + "false", + ), + ], +) +@mock.patch.object( + PoliciesClient, "DEFAULT_ENDPOINT", modify_default_endpoint(PoliciesClient) +) +@mock.patch.object( + PoliciesAsyncClient, + "DEFAULT_ENDPOINT", + modify_default_endpoint(PoliciesAsyncClient), +) +@mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"}) +def test_policies_client_mtls_env_auto( + client_class, transport_class, transport_name, use_client_cert_env +): + # This tests the endpoint autoswitch behavior. Endpoint is autoswitched to the default + # mtls endpoint, if GOOGLE_API_USE_CLIENT_CERTIFICATE is "true" and client cert exists. + + # Check the case client_cert_source is provided. Whether client cert is used depends on + # GOOGLE_API_USE_CLIENT_CERTIFICATE value. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + options = client_options.ClientOptions( + client_cert_source=client_cert_source_callback + ) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + + if use_client_cert_env == "false": + expected_client_cert_source = None + expected_host = client.DEFAULT_ENDPOINT + else: + expected_client_cert_source = client_cert_source_callback + expected_host = client.DEFAULT_MTLS_ENDPOINT + + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + # Check the case ADC client cert is provided. Whether client cert is used depends on + # GOOGLE_API_USE_CLIENT_CERTIFICATE value. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + with mock.patch.object(transport_class, "__init__") as patched: + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=True, + ): + with mock.patch( + "google.auth.transport.mtls.default_client_cert_source", + return_value=client_cert_source_callback, + ): + if use_client_cert_env == "false": + expected_host = client.DEFAULT_ENDPOINT + expected_client_cert_source = None + else: + expected_host = client.DEFAULT_MTLS_ENDPOINT + expected_client_cert_source = client_cert_source_callback + + patched.return_value = None + client = client_class(transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + # Check the case client_cert_source and ADC client cert are not provided. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + with mock.patch.object(transport_class, "__init__") as patched: + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=False, + ): + patched.return_value = None + client = client_class(transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + +@pytest.mark.parametrize("client_class", [PoliciesClient, PoliciesAsyncClient]) +@mock.patch.object( + PoliciesClient, "DEFAULT_ENDPOINT", modify_default_endpoint(PoliciesClient) +) +@mock.patch.object( + PoliciesAsyncClient, + "DEFAULT_ENDPOINT", + modify_default_endpoint(PoliciesAsyncClient), +) +def test_policies_client_get_mtls_endpoint_and_cert_source(client_class): + mock_client_cert_source = mock.Mock() + + # Test the case GOOGLE_API_USE_CLIENT_CERTIFICATE is "true". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}): + mock_api_endpoint = "foo" + options = client_options.ClientOptions( + client_cert_source=mock_client_cert_source, api_endpoint=mock_api_endpoint + ) + api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source( + options + ) + assert api_endpoint == mock_api_endpoint + assert cert_source == mock_client_cert_source + + # Test the case GOOGLE_API_USE_CLIENT_CERTIFICATE is "false". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "false"}): + mock_client_cert_source = mock.Mock() + mock_api_endpoint = "foo" + options = client_options.ClientOptions( + client_cert_source=mock_client_cert_source, api_endpoint=mock_api_endpoint + ) + api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source( + options + ) + assert api_endpoint == mock_api_endpoint + assert cert_source is None + + # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "never". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): + api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source() + assert api_endpoint == client_class.DEFAULT_ENDPOINT + assert cert_source is None + + # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "always". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): + api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source() + assert api_endpoint == client_class.DEFAULT_MTLS_ENDPOINT + assert cert_source is None + + # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "auto" and default cert doesn't exist. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}): + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=False, + ): + api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source() + assert api_endpoint == client_class.DEFAULT_ENDPOINT + assert cert_source is None + + # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "auto" and default cert exists. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}): + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=True, + ): + with mock.patch( + "google.auth.transport.mtls.default_client_cert_source", + return_value=mock_client_cert_source, + ): + ( + api_endpoint, + cert_source, + ) = client_class.get_mtls_endpoint_and_cert_source() + assert api_endpoint == client_class.DEFAULT_MTLS_ENDPOINT + assert cert_source == mock_client_cert_source + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + (PoliciesClient, transports.PoliciesGrpcTransport, "grpc"), + (PoliciesAsyncClient, transports.PoliciesGrpcAsyncIOTransport, "grpc_asyncio"), + ], +) +def test_policies_client_client_options_scopes( + client_class, transport_class, transport_name +): + # Check the case scopes are provided. + options = client_options.ClientOptions( + scopes=["1", "2"], + ) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=["1", "2"], + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name,grpc_helpers", + [ + (PoliciesClient, transports.PoliciesGrpcTransport, "grpc", grpc_helpers), + ( + PoliciesAsyncClient, + transports.PoliciesGrpcAsyncIOTransport, + "grpc_asyncio", + grpc_helpers_async, + ), + ], +) +def test_policies_client_client_options_credentials_file( + client_class, transport_class, transport_name, grpc_helpers +): + # Check the case credentials file is provided. + options = client_options.ClientOptions(credentials_file="credentials.json") + + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file="credentials.json", + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + +def test_policies_client_client_options_from_dict(): + with mock.patch( + "google.cloud.iam_v2.services.policies.transports.PoliciesGrpcTransport.__init__" + ) as grpc_transport: + grpc_transport.return_value = None + client = PoliciesClient(client_options={"api_endpoint": "squid.clam.whelk"}) + grpc_transport.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name,grpc_helpers", + [ + (PoliciesClient, transports.PoliciesGrpcTransport, "grpc", grpc_helpers), + ( + PoliciesAsyncClient, + transports.PoliciesGrpcAsyncIOTransport, + "grpc_asyncio", + grpc_helpers_async, + ), + ], +) +def test_policies_client_create_channel_credentials_file( + client_class, transport_class, transport_name, grpc_helpers +): + # Check the case credentials file is provided. + options = client_options.ClientOptions(credentials_file="credentials.json") + + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file="credentials.json", + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + # test that the credentials from file are saved and used as the credentials. + with mock.patch.object( + google.auth, "load_credentials_from_file", autospec=True + ) as load_creds, mock.patch.object( + google.auth, "default", autospec=True + ) as adc, mock.patch.object( + grpc_helpers, "create_channel" + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + file_creds = ga_credentials.AnonymousCredentials() + load_creds.return_value = (file_creds, None) + adc.return_value = (creds, None) + client = client_class(client_options=options, transport=transport_name) + create_channel.assert_called_with( + "iam.googleapis.com:443", + credentials=file_creds, + credentials_file=None, + quota_project_id=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, + default_host="iam.googleapis.com", + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + +@pytest.mark.parametrize( + "request_type", + [ + policy.ListPoliciesRequest, + dict, + ], +) +def test_list_policies(request_type, transport: str = "grpc"): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_policies), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = policy.ListPoliciesResponse( + next_page_token="next_page_token_value", + ) + response = client.list_policies(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == policy.ListPoliciesRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListPoliciesPager) + assert response.next_page_token == "next_page_token_value" + + +def test_list_policies_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_policies), "__call__") as call: + client.list_policies() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == policy.ListPoliciesRequest() + + +@pytest.mark.asyncio +async def test_list_policies_async( + transport: str = "grpc_asyncio", request_type=policy.ListPoliciesRequest +): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_policies), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + policy.ListPoliciesResponse( + next_page_token="next_page_token_value", + ) + ) + response = await client.list_policies(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == policy.ListPoliciesRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListPoliciesAsyncPager) + assert response.next_page_token == "next_page_token_value" + + +@pytest.mark.asyncio +async def test_list_policies_async_from_dict(): + await test_list_policies_async(request_type=dict) + + +def test_list_policies_field_headers(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = policy.ListPoliciesRequest() + + request.parent = "parent_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_policies), "__call__") as call: + call.return_value = policy.ListPoliciesResponse() + client.list_policies(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "parent=parent_value", + ) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_list_policies_field_headers_async(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = policy.ListPoliciesRequest() + + request.parent = "parent_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_policies), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + policy.ListPoliciesResponse() + ) + await client.list_policies(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "parent=parent_value", + ) in kw["metadata"] + + +def test_list_policies_flattened(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_policies), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = policy.ListPoliciesResponse() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.list_policies( + parent="parent_value", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].parent + mock_val = "parent_value" + assert arg == mock_val + + +def test_list_policies_flattened_error(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_policies( + policy.ListPoliciesRequest(), + parent="parent_value", + ) + + +@pytest.mark.asyncio +async def test_list_policies_flattened_async(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_policies), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = policy.ListPoliciesResponse() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + policy.ListPoliciesResponse() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.list_policies( + parent="parent_value", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].parent + mock_val = "parent_value" + assert arg == mock_val + + +@pytest.mark.asyncio +async def test_list_policies_flattened_error_async(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.list_policies( + policy.ListPoliciesRequest(), + parent="parent_value", + ) + + +def test_list_policies_pager(transport_name: str = "grpc"): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials, + transport=transport_name, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_policies), "__call__") as call: + # Set the response to a series of pages. + call.side_effect = ( + policy.ListPoliciesResponse( + policies=[ + policy.Policy(), + policy.Policy(), + policy.Policy(), + ], + next_page_token="abc", + ), + policy.ListPoliciesResponse( + policies=[], + next_page_token="def", + ), + policy.ListPoliciesResponse( + policies=[ + policy.Policy(), + ], + next_page_token="ghi", + ), + policy.ListPoliciesResponse( + policies=[ + policy.Policy(), + policy.Policy(), + ], + ), + RuntimeError, + ) + + metadata = () + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", ""),)), + ) + pager = client.list_policies(request={}) + + assert pager._metadata == metadata + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, policy.Policy) for i in results) + + +def test_list_policies_pages(transport_name: str = "grpc"): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials, + transport=transport_name, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_policies), "__call__") as call: + # Set the response to a series of pages. + call.side_effect = ( + policy.ListPoliciesResponse( + policies=[ + policy.Policy(), + policy.Policy(), + policy.Policy(), + ], + next_page_token="abc", + ), + policy.ListPoliciesResponse( + policies=[], + next_page_token="def", + ), + policy.ListPoliciesResponse( + policies=[ + policy.Policy(), + ], + next_page_token="ghi", + ), + policy.ListPoliciesResponse( + policies=[ + policy.Policy(), + policy.Policy(), + ], + ), + RuntimeError, + ) + pages = list(client.list_policies(request={}).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.asyncio +async def test_list_policies_async_pager(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_policies), "__call__", new_callable=mock.AsyncMock + ) as call: + # Set the response to a series of pages. + call.side_effect = ( + policy.ListPoliciesResponse( + policies=[ + policy.Policy(), + policy.Policy(), + policy.Policy(), + ], + next_page_token="abc", + ), + policy.ListPoliciesResponse( + policies=[], + next_page_token="def", + ), + policy.ListPoliciesResponse( + policies=[ + policy.Policy(), + ], + next_page_token="ghi", + ), + policy.ListPoliciesResponse( + policies=[ + policy.Policy(), + policy.Policy(), + ], + ), + RuntimeError, + ) + async_pager = await client.list_policies( + request={}, + ) + assert async_pager.next_page_token == "abc" + responses = [] + async for response in async_pager: # pragma: no branch + responses.append(response) + + assert len(responses) == 6 + assert all(isinstance(i, policy.Policy) for i in responses) + + +@pytest.mark.asyncio +async def test_list_policies_async_pages(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_policies), "__call__", new_callable=mock.AsyncMock + ) as call: + # Set the response to a series of pages. + call.side_effect = ( + policy.ListPoliciesResponse( + policies=[ + policy.Policy(), + policy.Policy(), + policy.Policy(), + ], + next_page_token="abc", + ), + policy.ListPoliciesResponse( + policies=[], + next_page_token="def", + ), + policy.ListPoliciesResponse( + policies=[ + policy.Policy(), + ], + next_page_token="ghi", + ), + policy.ListPoliciesResponse( + policies=[ + policy.Policy(), + policy.Policy(), + ], + ), + RuntimeError, + ) + pages = [] + async for page_ in ( + await client.list_policies(request={}) + ).pages: # pragma: no branch + pages.append(page_) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + policy.GetPolicyRequest, + dict, + ], +) +def test_get_policy(request_type, transport: str = "grpc"): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = policy.Policy( + name="name_value", + uid="uid_value", + kind="kind_value", + display_name="display_name_value", + etag="etag_value", + managing_authority="managing_authority_value", + ) + response = client.get_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == policy.GetPolicyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, policy.Policy) + assert response.name == "name_value" + assert response.uid == "uid_value" + assert response.kind == "kind_value" + assert response.display_name == "display_name_value" + assert response.etag == "etag_value" + assert response.managing_authority == "managing_authority_value" + + +def test_get_policy_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_policy), "__call__") as call: + client.get_policy() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == policy.GetPolicyRequest() + + +@pytest.mark.asyncio +async def test_get_policy_async( + transport: str = "grpc_asyncio", request_type=policy.GetPolicyRequest +): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + policy.Policy( + name="name_value", + uid="uid_value", + kind="kind_value", + display_name="display_name_value", + etag="etag_value", + managing_authority="managing_authority_value", + ) + ) + response = await client.get_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == policy.GetPolicyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, policy.Policy) + assert response.name == "name_value" + assert response.uid == "uid_value" + assert response.kind == "kind_value" + assert response.display_name == "display_name_value" + assert response.etag == "etag_value" + assert response.managing_authority == "managing_authority_value" + + +@pytest.mark.asyncio +async def test_get_policy_async_from_dict(): + await test_get_policy_async(request_type=dict) + + +def test_get_policy_field_headers(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = policy.GetPolicyRequest() + + request.name = "name_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_policy), "__call__") as call: + call.return_value = policy.Policy() + client.get_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=name_value", + ) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_get_policy_field_headers_async(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = policy.GetPolicyRequest() + + request.name = "name_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_policy), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(policy.Policy()) + await client.get_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=name_value", + ) in kw["metadata"] + + +def test_get_policy_flattened(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = policy.Policy() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.get_policy( + name="name_value", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + + +def test_get_policy_flattened_error(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_policy( + policy.GetPolicyRequest(), + name="name_value", + ) + + +@pytest.mark.asyncio +async def test_get_policy_flattened_async(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = policy.Policy() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(policy.Policy()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.get_policy( + name="name_value", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + + +@pytest.mark.asyncio +async def test_get_policy_flattened_error_async(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.get_policy( + policy.GetPolicyRequest(), + name="name_value", + ) + + +@pytest.mark.parametrize( + "request_type", + [ + gi_policy.CreatePolicyRequest, + dict, + ], +) +def test_create_policy(request_type, transport: str = "grpc"): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name="operations/spam") + response = client.create_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == gi_policy.CreatePolicyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, future.Future) + + +def test_create_policy_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_policy), "__call__") as call: + client.create_policy() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == gi_policy.CreatePolicyRequest() + + +@pytest.mark.asyncio +async def test_create_policy_async( + transport: str = "grpc_asyncio", request_type=gi_policy.CreatePolicyRequest +): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name="operations/spam") + ) + response = await client.create_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == gi_policy.CreatePolicyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, future.Future) + + +@pytest.mark.asyncio +async def test_create_policy_async_from_dict(): + await test_create_policy_async(request_type=dict) + + +def test_create_policy_field_headers(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = gi_policy.CreatePolicyRequest() + + request.parent = "parent_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_policy), "__call__") as call: + call.return_value = operations_pb2.Operation(name="operations/op") + client.create_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "parent=parent_value", + ) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_create_policy_field_headers_async(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = gi_policy.CreatePolicyRequest() + + request.parent = "parent_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_policy), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name="operations/op") + ) + await client.create_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "parent=parent_value", + ) in kw["metadata"] + + +def test_create_policy_flattened(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name="operations/op") + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.create_policy( + parent="parent_value", + policy=gi_policy.Policy(name="name_value"), + policy_id="policy_id_value", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].parent + mock_val = "parent_value" + assert arg == mock_val + arg = args[0].policy + mock_val = gi_policy.Policy(name="name_value") + assert arg == mock_val + arg = args[0].policy_id + mock_val = "policy_id_value" + assert arg == mock_val + + +def test_create_policy_flattened_error(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_policy( + gi_policy.CreatePolicyRequest(), + parent="parent_value", + policy=gi_policy.Policy(name="name_value"), + policy_id="policy_id_value", + ) + + +@pytest.mark.asyncio +async def test_create_policy_flattened_async(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name="operations/op") + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name="operations/spam") + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.create_policy( + parent="parent_value", + policy=gi_policy.Policy(name="name_value"), + policy_id="policy_id_value", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].parent + mock_val = "parent_value" + assert arg == mock_val + arg = args[0].policy + mock_val = gi_policy.Policy(name="name_value") + assert arg == mock_val + arg = args[0].policy_id + mock_val = "policy_id_value" + assert arg == mock_val + + +@pytest.mark.asyncio +async def test_create_policy_flattened_error_async(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.create_policy( + gi_policy.CreatePolicyRequest(), + parent="parent_value", + policy=gi_policy.Policy(name="name_value"), + policy_id="policy_id_value", + ) + + +@pytest.mark.parametrize( + "request_type", + [ + policy.UpdatePolicyRequest, + dict, + ], +) +def test_update_policy(request_type, transport: str = "grpc"): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name="operations/spam") + response = client.update_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == policy.UpdatePolicyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, future.Future) + + +def test_update_policy_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_policy), "__call__") as call: + client.update_policy() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == policy.UpdatePolicyRequest() + + +@pytest.mark.asyncio +async def test_update_policy_async( + transport: str = "grpc_asyncio", request_type=policy.UpdatePolicyRequest +): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name="operations/spam") + ) + response = await client.update_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == policy.UpdatePolicyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, future.Future) + + +@pytest.mark.asyncio +async def test_update_policy_async_from_dict(): + await test_update_policy_async(request_type=dict) + + +def test_update_policy_field_headers(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = policy.UpdatePolicyRequest() + + request.policy.name = "name_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_policy), "__call__") as call: + call.return_value = operations_pb2.Operation(name="operations/op") + client.update_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "policy.name=name_value", + ) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_update_policy_field_headers_async(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = policy.UpdatePolicyRequest() + + request.policy.name = "name_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_policy), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name="operations/op") + ) + await client.update_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "policy.name=name_value", + ) in kw["metadata"] + + +@pytest.mark.parametrize( + "request_type", + [ + policy.DeletePolicyRequest, + dict, + ], +) +def test_delete_policy(request_type, transport: str = "grpc"): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name="operations/spam") + response = client.delete_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == policy.DeletePolicyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, future.Future) + + +def test_delete_policy_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_policy), "__call__") as call: + client.delete_policy() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == policy.DeletePolicyRequest() + + +@pytest.mark.asyncio +async def test_delete_policy_async( + transport: str = "grpc_asyncio", request_type=policy.DeletePolicyRequest +): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name="operations/spam") + ) + response = await client.delete_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == policy.DeletePolicyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, future.Future) + + +@pytest.mark.asyncio +async def test_delete_policy_async_from_dict(): + await test_delete_policy_async(request_type=dict) + + +def test_delete_policy_field_headers(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = policy.DeletePolicyRequest() + + request.name = "name_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_policy), "__call__") as call: + call.return_value = operations_pb2.Operation(name="operations/op") + client.delete_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=name_value", + ) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_delete_policy_field_headers_async(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = policy.DeletePolicyRequest() + + request.name = "name_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_policy), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name="operations/op") + ) + await client.delete_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=name_value", + ) in kw["metadata"] + + +def test_delete_policy_flattened(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name="operations/op") + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.delete_policy( + name="name_value", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + + +def test_delete_policy_flattened_error(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.delete_policy( + policy.DeletePolicyRequest(), + name="name_value", + ) + + +@pytest.mark.asyncio +async def test_delete_policy_flattened_async(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name="operations/op") + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name="operations/spam") + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.delete_policy( + name="name_value", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + + +@pytest.mark.asyncio +async def test_delete_policy_flattened_error_async(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.delete_policy( + policy.DeletePolicyRequest(), + name="name_value", + ) + + +def test_credentials_transport_error(): + # It is an error to provide credentials and a transport instance. + transport = transports.PoliciesGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # It is an error to provide a credentials file and a transport instance. + transport = transports.PoliciesGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = PoliciesClient( + client_options={"credentials_file": "credentials.json"}, + transport=transport, + ) + + # It is an error to provide an api_key and a transport instance. + transport = transports.PoliciesGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + options = client_options.ClientOptions() + options.api_key = "api_key" + with pytest.raises(ValueError): + client = PoliciesClient( + client_options=options, + transport=transport, + ) + + # It is an error to provide an api_key and a credential. + options = mock.Mock() + options.api_key = "api_key" + with pytest.raises(ValueError): + client = PoliciesClient( + client_options=options, credentials=ga_credentials.AnonymousCredentials() + ) + + # It is an error to provide scopes and a transport instance. + transport = transports.PoliciesGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = PoliciesClient( + client_options={"scopes": ["1", "2"]}, + transport=transport, + ) + + +def test_transport_instance(): + # A client may be instantiated with a custom transport instance. + transport = transports.PoliciesGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + client = PoliciesClient(transport=transport) + assert client.transport is transport + + +def test_transport_get_channel(): + # A client may be instantiated with a custom transport instance. + transport = transports.PoliciesGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + transport = transports.PoliciesGrpcAsyncIOTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.PoliciesGrpcTransport, + transports.PoliciesGrpcAsyncIOTransport, + ], +) +def test_transport_adc(transport_class): + # Test default credentials are used if not provided. + with mock.patch.object(google.auth, "default") as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class() + adc.assert_called_once() + + +@pytest.mark.parametrize( + "transport_name", + [ + "grpc", + ], +) +def test_transport_kind(transport_name): + transport = PoliciesClient.get_transport_class(transport_name)( + credentials=ga_credentials.AnonymousCredentials(), + ) + assert transport.kind == transport_name + + +def test_transport_grpc_default(): + # A client should use the gRPC transport by default. + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + assert isinstance( + client.transport, + transports.PoliciesGrpcTransport, + ) + + +def test_policies_base_transport_error(): + # Passing both a credentials object and credentials_file should raise an error + with pytest.raises(core_exceptions.DuplicateCredentialArgs): + transport = transports.PoliciesTransport( + credentials=ga_credentials.AnonymousCredentials(), + credentials_file="credentials.json", + ) + + +def test_policies_base_transport(): + # Instantiate the base transport. + with mock.patch( + "google.cloud.iam_v2.services.policies.transports.PoliciesTransport.__init__" + ) as Transport: + Transport.return_value = None + transport = transports.PoliciesTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Every method on the transport should just blindly + # raise NotImplementedError. + methods = ( + "list_policies", + "get_policy", + "create_policy", + "update_policy", + "delete_policy", + "get_operation", + ) + for method in methods: + with pytest.raises(NotImplementedError): + getattr(transport, method)(request=object()) + + with pytest.raises(NotImplementedError): + transport.close() + + # Additionally, the LRO client (a property) should + # also raise NotImplementedError + with pytest.raises(NotImplementedError): + transport.operations_client + + # Catch all for all remaining methods and properties + remainder = [ + "kind", + ] + for r in remainder: + with pytest.raises(NotImplementedError): + getattr(transport, r)() + + +def test_policies_base_transport_with_credentials_file(): + # Instantiate the base transport with a credentials file + with mock.patch.object( + google.auth, "load_credentials_from_file", autospec=True + ) as load_creds, mock.patch( + "google.cloud.iam_v2.services.policies.transports.PoliciesTransport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.PoliciesTransport( + credentials_file="credentials.json", + quota_project_id="octopus", + ) + load_creds.assert_called_once_with( + "credentials.json", + scopes=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +def test_policies_base_transport_with_adc(): + # Test the default credentials are used if credentials and credentials_file are None. + with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch( + "google.cloud.iam_v2.services.policies.transports.PoliciesTransport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.PoliciesTransport() + adc.assert_called_once() + + +def test_policies_auth_adc(): + # If no credentials are provided, we should use ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + PoliciesClient() + adc.assert_called_once_with( + scopes=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id=None, + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.PoliciesGrpcTransport, + transports.PoliciesGrpcAsyncIOTransport, + ], +) +def test_policies_transport_auth_adc(transport_class): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + adc.assert_called_once_with( + scopes=["1", "2"], + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.PoliciesGrpcTransport, + transports.PoliciesGrpcAsyncIOTransport, + ], +) +def test_policies_transport_auth_gdch_credentials(transport_class): + host = "https://language.com" + api_audience_tests = [None, "https://language2.com"] + api_audience_expect = [host, "https://language2.com"] + for t, e in zip(api_audience_tests, api_audience_expect): + with mock.patch.object(google.auth, "default", autospec=True) as adc: + gdch_mock = mock.MagicMock() + type(gdch_mock).with_gdch_audience = mock.PropertyMock( + return_value=gdch_mock + ) + adc.return_value = (gdch_mock, None) + transport_class(host=host, api_audience=t) + gdch_mock.with_gdch_audience.assert_called_once_with(e) + + +@pytest.mark.parametrize( + "transport_class,grpc_helpers", + [ + (transports.PoliciesGrpcTransport, grpc_helpers), + (transports.PoliciesGrpcAsyncIOTransport, grpc_helpers_async), + ], +) +def test_policies_transport_create_channel(transport_class, grpc_helpers): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object( + google.auth, "default", autospec=True + ) as adc, mock.patch.object( + grpc_helpers, "create_channel", autospec=True + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + adc.return_value = (creds, None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + + create_channel.assert_called_with( + "iam.googleapis.com:443", + credentials=creds, + credentials_file=None, + quota_project_id="octopus", + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=["1", "2"], + default_host="iam.googleapis.com", + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + +@pytest.mark.parametrize( + "transport_class", + [transports.PoliciesGrpcTransport, transports.PoliciesGrpcAsyncIOTransport], +) +def test_policies_grpc_transport_client_cert_source_for_mtls(transport_class): + cred = ga_credentials.AnonymousCredentials() + + # Check ssl_channel_credentials is used if provided. + with mock.patch.object(transport_class, "create_channel") as mock_create_channel: + mock_ssl_channel_creds = mock.Mock() + transport_class( + host="squid.clam.whelk", + credentials=cred, + ssl_channel_credentials=mock_ssl_channel_creds, + ) + mock_create_channel.assert_called_once_with( + "squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_channel_creds, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls + # is used. + with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): + with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: + transport_class( + credentials=cred, + client_cert_source_for_mtls=client_cert_source_callback, + ) + expected_cert, expected_key = client_cert_source_callback() + mock_ssl_cred.assert_called_once_with( + certificate_chain=expected_cert, private_key=expected_key + ) + + +@pytest.mark.parametrize( + "transport_name", + [ + "grpc", + "grpc_asyncio", + ], +) +def test_policies_host_no_port(transport_name): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions(api_endpoint="iam.googleapis.com"), + transport=transport_name, + ) + assert client.transport._host == ("iam.googleapis.com:443") + + +@pytest.mark.parametrize( + "transport_name", + [ + "grpc", + "grpc_asyncio", + ], +) +def test_policies_host_with_port(transport_name): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions( + api_endpoint="iam.googleapis.com:8000" + ), + transport=transport_name, + ) + assert client.transport._host == ("iam.googleapis.com:8000") + + +def test_policies_grpc_transport_channel(): + channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials()) + + # Check that channel is used if provided. + transport = transports.PoliciesGrpcTransport( + host="squid.clam.whelk", + channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +def test_policies_grpc_asyncio_transport_channel(): + channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials()) + + # Check that channel is used if provided. + transport = transports.PoliciesGrpcAsyncIOTransport( + host="squid.clam.whelk", + channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize( + "transport_class", + [transports.PoliciesGrpcTransport, transports.PoliciesGrpcAsyncIOTransport], +) +def test_policies_transport_channel_mtls_with_client_cert_source(transport_class): + with mock.patch( + "grpc.ssl_channel_credentials", autospec=True + ) as grpc_ssl_channel_cred: + with mock.patch.object( + transport_class, "create_channel" + ) as grpc_create_channel: + mock_ssl_cred = mock.Mock() + grpc_ssl_channel_cred.return_value = mock_ssl_cred + + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + + cred = ga_credentials.AnonymousCredentials() + with pytest.warns(DeprecationWarning): + with mock.patch.object(google.auth, "default") as adc: + adc.return_value = (cred, None) + transport = transport_class( + host="squid.clam.whelk", + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=client_cert_source_callback, + ) + adc.assert_called_once() + + grpc_ssl_channel_cred.assert_called_once_with( + certificate_chain=b"cert bytes", private_key=b"key bytes" + ) + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + assert transport._ssl_channel_credentials == mock_ssl_cred + + +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize( + "transport_class", + [transports.PoliciesGrpcTransport, transports.PoliciesGrpcAsyncIOTransport], +) +def test_policies_transport_channel_mtls_with_adc(transport_class): + mock_ssl_cred = mock.Mock() + with mock.patch.multiple( + "google.auth.transport.grpc.SslCredentials", + __init__=mock.Mock(return_value=None), + ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), + ): + with mock.patch.object( + transport_class, "create_channel" + ) as grpc_create_channel: + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + mock_cred = mock.Mock() + + with pytest.warns(DeprecationWarning): + transport = transport_class( + host="squid.clam.whelk", + credentials=mock_cred, + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=None, + ) + + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=mock_cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + + +def test_policies_grpc_lro_client(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + transport = client.transport + + # Ensure that we have a api-core operations client. + assert isinstance( + transport.operations_client, + operations_v1.OperationsClient, + ) + + # Ensure that subsequent calls to the property send the exact same object. + assert transport.operations_client is transport.operations_client + + +def test_policies_grpc_lro_async_client(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc_asyncio", + ) + transport = client.transport + + # Ensure that we have a api-core operations client. + assert isinstance( + transport.operations_client, + operations_v1.OperationsAsyncClient, + ) + + # Ensure that subsequent calls to the property send the exact same object. + assert transport.operations_client is transport.operations_client + + +def test_common_billing_account_path(): + billing_account = "squid" + expected = "billingAccounts/{billing_account}".format( + billing_account=billing_account, + ) + actual = PoliciesClient.common_billing_account_path(billing_account) + assert expected == actual + + +def test_parse_common_billing_account_path(): + expected = { + "billing_account": "clam", + } + path = PoliciesClient.common_billing_account_path(**expected) + + # Check that the path construction is reversible. + actual = PoliciesClient.parse_common_billing_account_path(path) + assert expected == actual + + +def test_common_folder_path(): + folder = "whelk" + expected = "folders/{folder}".format( + folder=folder, + ) + actual = PoliciesClient.common_folder_path(folder) + assert expected == actual + + +def test_parse_common_folder_path(): + expected = { + "folder": "octopus", + } + path = PoliciesClient.common_folder_path(**expected) + + # Check that the path construction is reversible. + actual = PoliciesClient.parse_common_folder_path(path) + assert expected == actual + + +def test_common_organization_path(): + organization = "oyster" + expected = "organizations/{organization}".format( + organization=organization, + ) + actual = PoliciesClient.common_organization_path(organization) + assert expected == actual + + +def test_parse_common_organization_path(): + expected = { + "organization": "nudibranch", + } + path = PoliciesClient.common_organization_path(**expected) + + # Check that the path construction is reversible. + actual = PoliciesClient.parse_common_organization_path(path) + assert expected == actual + + +def test_common_project_path(): + project = "cuttlefish" + expected = "projects/{project}".format( + project=project, + ) + actual = PoliciesClient.common_project_path(project) + assert expected == actual + + +def test_parse_common_project_path(): + expected = { + "project": "mussel", + } + path = PoliciesClient.common_project_path(**expected) + + # Check that the path construction is reversible. + actual = PoliciesClient.parse_common_project_path(path) + assert expected == actual + + +def test_common_location_path(): + project = "winkle" + location = "nautilus" + expected = "projects/{project}/locations/{location}".format( + project=project, + location=location, + ) + actual = PoliciesClient.common_location_path(project, location) + assert expected == actual + + +def test_parse_common_location_path(): + expected = { + "project": "scallop", + "location": "abalone", + } + path = PoliciesClient.common_location_path(**expected) + + # Check that the path construction is reversible. + actual = PoliciesClient.parse_common_location_path(path) + assert expected == actual + + +def test_client_with_default_client_info(): + client_info = gapic_v1.client_info.ClientInfo() + + with mock.patch.object( + transports.PoliciesTransport, "_prep_wrapped_messages" + ) as prep: + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + client_info=client_info, + ) + prep.assert_called_once_with(client_info) + + with mock.patch.object( + transports.PoliciesTransport, "_prep_wrapped_messages" + ) as prep: + transport_class = PoliciesClient.get_transport_class() + transport = transport_class( + credentials=ga_credentials.AnonymousCredentials(), + client_info=client_info, + ) + prep.assert_called_once_with(client_info) + + +@pytest.mark.asyncio +async def test_transport_close_async(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc_asyncio", + ) + with mock.patch.object( + type(getattr(client.transport, "grpc_channel")), "close" + ) as close: + async with client: + close.assert_not_called() + close.assert_called_once() + + +def test_get_operation(transport: str = "grpc"): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = operations_pb2.GetOperationRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation() + response = client.get_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, operations_pb2.Operation) + + +@pytest.mark.asyncio +async def test_get_operation_async(transport: str = "grpc"): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = operations_pb2.GetOperationRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation() + ) + response = await client.get_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, operations_pb2.Operation) + + +def test_get_operation_field_headers(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = operations_pb2.GetOperationRequest() + request.name = "locations" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + call.return_value = operations_pb2.Operation() + + client.get_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=locations", + ) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_get_operation_field_headers_async(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = operations_pb2.GetOperationRequest() + request.name = "locations" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation() + ) + await client.get_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=locations", + ) in kw["metadata"] + + +def test_get_operation_from_dict(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation() + + response = client.get_operation( + request={ + "name": "locations", + } + ) + call.assert_called() + + +@pytest.mark.asyncio +async def test_get_operation_from_dict_async(): + client = PoliciesAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation() + ) + response = await client.get_operation( + request={ + "name": "locations", + } + ) + call.assert_called() + + +def test_transport_close(): + transports = { + "grpc": "_grpc_channel", + } + + for transport, close_name in transports.items(): + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport + ) + with mock.patch.object( + type(getattr(client.transport, close_name)), "close" + ) as close: + with client: + close.assert_not_called() + close.assert_called_once() + + +def test_client_ctx(): + transports = [ + "grpc", + ] + for transport in transports: + client = PoliciesClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport + ) + # Test client calls underlying transport. + with mock.patch.object(type(client.transport), "close") as close: + close.assert_not_called() + with client: + pass + close.assert_called() + + +@pytest.mark.parametrize( + "client_class,transport_class", + [ + (PoliciesClient, transports.PoliciesGrpcTransport), + (PoliciesAsyncClient, transports.PoliciesGrpcAsyncIOTransport), + ], +) +def test_api_key_credentials(client_class, transport_class): + with mock.patch.object( + google.auth._default, "get_api_key_credentials", create=True + ) as get_api_key_credentials: + mock_cred = mock.Mock() + get_api_key_credentials.return_value = mock_cred + options = client_options.ClientOptions() + options.api_key = "api_key" + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=mock_cred, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) diff --git a/packages/google-cloud-iam/tests/unit/gapic/iam_v2beta/test_policies.py b/packages/google-cloud-iam/tests/unit/gapic/iam_v2beta/test_policies.py index b56a6da8cb21..520646d87a96 100644 --- a/packages/google-cloud-iam/tests/unit/gapic/iam_v2beta/test_policies.py +++ b/packages/google-cloud-iam/tests/unit/gapic/iam_v2beta/test_policies.py @@ -18,8 +18,8 @@ # try/except added for compatibility with python < 3.8 try: from unittest import mock - from unittest.mock import AsyncMock -except ImportError: + from unittest.mock import AsyncMock # pragma: NO COVER +except ImportError: # pragma: NO COVER import mock import math @@ -45,6 +45,7 @@ from google.type import expr_pb2 # type: ignore import grpc from grpc.experimental import aio +from proto.marshal.rules import wrappers from proto.marshal.rules.dates import DurationRule, TimestampRule import pytest